Preparing remote Ubuntu Aegir Servers

iainh's picture

I came across two problems setting up the passwordless ssh between the Aegir servers as I followed (rather too blindly, perhaps) the "Remote Servers" section of the Aegir INSTALL.txt.
Ubuntu 10.4 LTS was on the local (testing) machine; 8.04.4 LTS on the remote (production) server.
Here are solutions / workarounds:

Symptoms:

  1. ssh into aegir@anymachine immediately being rejected at login
  2. passwordless ssh between instances of aegir@anymachine ignoring the rsa key and requiring a unix password

Solutions:

  1. This appears to have happened as a consequence of specifying sh when INSTALL.txt recommends you chsh -s /bin/sh aegir. After having reverted account aegir to the Ubuntu default bash, ssh logins were not aborted immediately.
  2. There seems to be some bug in Ubuntu's sshd that doesn't resolve its /etc/ssh/sshd_config default
    AuthorizedKeysFile    %h/.ssh/authorized_keys
    properly to $HOME/.ssh/authorized_keys e.g.
    /var/aegir/.ssh/authorized_keys

    ... if the account's home directory is anything other than /home/{account}/ e.g. /home/aegir/ .

    So, by setting /etc/ssh/sshd_config StrictModes no, even though all .ssh directory and file permissions were as they should be, a workaround was found and passwordless ssh and rsync were possible - as required by Aegir to verify new Remote servers.
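
Added example, not part of the original post or of Aegir's documentation: with StrictModes yes, sshd ignores authorized_keys when the key file, the .ssh directory or the home directory itself is group- or world-writable or owned by another non-root account, so this Python check walks that chain (home directory included) and reports what would fail, as a way to diagnose the second symptom while leaving StrictModes on. The function name, the script name in the comment and the approximation of sshd's check are assumptions of this example.

```python
import os
import pwd
import stat
import sys


def strictmodes_findings(home, keyfile, uid):
    """List (path, problem) pairs that make sshd ignore keyfile under StrictModes yes.

    Approximation of sshd's check: the key file and each directory from it up
    to and including the home directory must be owned by uid or root and must
    not be writable by group or others.
    """
    findings = []
    home = os.path.realpath(home)
    path = os.path.realpath(keyfile)
    while True:
        try:
            st = os.stat(path)
        except OSError as exc:
            findings.append((path, "cannot stat: %s" % exc.strerror))
            break
        if st.st_uid not in (0, uid):
            findings.append((path, "owned by uid %d" % st.st_uid))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            findings.append((path, "group/world writable (mode %o)" % mode))
        parent = os.path.dirname(path)
        if path == home or parent == path:  # reached home (or /): stop
            break
        path = parent
    return findings


if __name__ == "__main__":
    # Usage (hypothetical file name): python3 check_strictmodes.py aegir
    account = pwd.getpwnam(sys.argv[1] if len(sys.argv) > 1 else "aegir")
    keyfile = os.path.join(account.pw_dir, ".ssh", "authorized_keys")
    problems = strictmodes_findings(account.pw_dir, keyfile, account.pw_uid)
    for path, problem in problems:
        print("%s: %s" % (path, problem))
    sys.exit(1 if problems else 0)
```

Run it as root or as the aegir account on the server that receives the connection; an empty result means the ownership and mode chain is not what is making sshd fall back to the password prompt.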

Comments

Hmm

skwashd's picture

The only time I've had issues with Aegir and remote hosts is if I hadn't ssh'd as the aegir user to the remote host first so the known_hosts. By manually sshing to the remote machine it updates the file.

Yes, it had me baffled too,

iainh's picture

Yes, it had me baffled too, as passwordless ssh to other (than aegir) accounts on the same machine behaved as expected, so I could see there was something about the way I'd set up the aegir accounts that was causing the passwordless ssh to fail.
I re-generated passwordless rsa keys on both local and remote aegir accounts; did an ssh-copy-id both ways; checked the file and directory permissions; ssh'd again .... but was still asked for unix password until I did what I described above. (That was after I sussed how the shell specification was dropping the logins).
Maybe this is just an Ubuntu thing?

Anyway, all is humming along nicely now and the remote Aegir server is verified and I'm migrating sites to it.

Thanks for all your very good work!
