gsauthof / dracut-sshd

Provide SSH access to initramfs early user space on Fedora and other systems that use Dracut

Doesn't seem to work on Fedora 36 beta (Kinoite) #59

cthu1hoo closed 2 years ago

cthu1hoo commented 2 years ago

Things were fine on 35 Kinoite. I did the usual:

rpm-ostree install dracut-sshd dracut-network
rpm-ostree kargs --append-if-missing=rd.neednet=1 --append-if-missing=ip=dhcp
rpm-ostree initramfs --enable

Network is going up on boot and I can ping the machine, but ssh is not running. I've tried entering the rd.break emergency shell, and systemctl doesn't know anything about ssh-related services and journalctl is also blank.

Doesn't seem like sshd is even in the initramfs:

[root@homepc dracut.conf.d]# lsinitrd /boot/ostree/fedora-abe0ad1377294aefb54bcb7d6b0b48bb800574184999dd8c01e6ce8615f4071e/initramfs-5.17.3-302.fc36.x86_64.img  | grep ssh
-rwxr-xr-x   1 root     root       460064 Jan  1  1970 usr/lib64/libssh.so.4.8.7
lrwxrwxrwx   1 root     root           27 Jan  1  1970 usr/lib64/libssh.so.4 -> ../../lib64/libssh.so.4.8.7

How to proceed to debug this further? Thanks in advance.

cthu1hoo commented 2 years ago

As usual, creating a ticket ensures everything suddenly starts working. Not sure why, but one of those seems to have helped:

sshd and related stuff suddenly showed up in the initramfs and it went smoothly from there. Sorry for the noise.

gsauthof commented 2 years ago

I have zero experience with rpm-ostree.

Dracut-sshd does check for ssh host keys:

https://github.com/gsauthof/dracut-sshd/blob/31eecdaad1279789427b1dcfdc3b0927eefe905e/46sshd/module-setup.sh#L26-L38

The host keys are generated locally at some point - e.g. as part of a post-script action when installing the RPM or when starting sshd the first time.

So perhaps your system didn't have any host keys until you enabled sshd?

As you see from the snippet, in that case dracut-sshd should have reported "Didn't find any SSH host key!" and failed. Perhaps this error message/failure exit status was eaten by rpm-ostree?

Otherwise your second point could have fixed it, as well - e.g. when the previous commands didn't really rebuild the initramfs. If that happened it would look like a bug in rpm-ostree.

cthu1hoo commented 2 years ago

> So perhaps your system didn't have any host keys until you enabled sshd?

This is a likely reason. I don't really have time to test this on a clean VM, but host keys in /etc/ssh are newer than some other files like /etc/dracut-sshd/authorized_keys so it makes sense that they were generated when I started sshd for the first time.

Perhaps I didn't notice the error message or, like you said, maybe ostree ate it. I suppose the bottom line here is - we need to start sshd at least once before enabling dracut-sshd on a fresh reinstall. Hopefully this helps someone else in the future.
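The check the thread converges on, as an added example that is not part of the thread and not dracut-sshd's own code: confirm host keys exist before rebuilding the initramfs, then confirm the sshd binary (not just libssh, which is all `grep ssh` matched above) is in the image. The function names are hypothetical, and the key types checked and the OpenSSH default file naming `ssh_host_<type>_key` are assumptions about what the module looks for.

```shell
#!/bin/sh
# Added example: pre-flight and post-build checks around dracut-sshd.
# Function names are hypothetical; the key types below are an assumption.

# Print how many host key pairs (private key + .pub) exist in directory $1.
count_host_keys() {
    dir=$1
    n=0
    for t in rsa ecdsa ed25519; do
        key="$dir/ssh_host_${t}_key"
        if [ -s "$key" ] && [ -s "$key.pub" ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Fail loudly when no host key exists, so the problem is visible even if
# the initramfs build tool hides the module's own error message.
preflight() {
    keydir=${1:-/etc/ssh}
    if [ "$(count_host_keys "$keydir")" -eq 0 ]; then
        echo "no SSH host keys in $keydir: start sshd once (or run" \
             "ssh-keygen -A) before rebuilding the initramfs" >&2
        return 1
    fi
    return 0
}

# Read an lsinitrd listing on stdin; succeed only if a file named exactly
# "sshd" is listed. Field 9 is the path column of the long listing.
# Usage: lsinitrd /path/to/initramfs.img | initramfs_has_sshd
initramfs_has_sshd() {
    awk '$9 ~ /(^|\/)sshd$/ { found = 1 } END { exit !found }'
}
```

Run `preflight` before `rpm-ostree initramfs --enable` and pipe `lsinitrd` into `initramfs_has_sshd` afterwards; a non-zero status from either one corresponds to the symptom reported in this issue.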