Open egorksv opened 1 week ago
UPD: Read as "Ansible Galaxy has very old version 1.15.0"
Disregard that, still happens in v2.1.1
Confirmed fixed on master
Hi @egorksv, yeah I've seen that as well when using some images. The directory is created when the sshd is restarted IIRC.
I'll add a task that creates the directory beforehand.
https://github.com/systemd/systemd/releases/tag/v256 (SSH Integration) mentions it, but the issue is a proper classic.
"The generated unit only works correctly if the SSH privilege separation ("privsep") directory exists. Unfortunately distributions vary wildly where they place this directory. An incomprehensive list:
• /usr/share/empty.sshd/ (new fedora)
• /var/empty/
• /var/empty/sshd/
• /run/sshd/ (debian/ubuntu?)
If the SSH privsep directory is placed below /var/ or /run/ care needs to be taken that the directory is created automatically at boot if needed, since these directories possibly or always come up empty. This can be done via a tmpfiles.d/ drop-in. You may use the "sshdprivsepdir" meson option provided by systemd to configure the directory, in case you want systemd to create the directory as needed automatically, if your distribution does not cover this natively."
Fix is on its way.
Better handling of privsep directories merged in https://github.com/konstruktoid/ansible-role-hardening/pull/758. Will publish a new release soon.
https://github.com/konstruktoid/ansible-role-hardening/releases/tag/v2.2.0 released with the fix included
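The tmpfiles.d drop-in mentioned in the quoted systemd release notes, as an added shell example (not code from the role or from systemd). The function names, the `0755 root root` ownership line, and the sample error text are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: derive a tmpfiles.d entry for a missing sshd privsep directory.
# Function names are hypothetical; they are not part of the role or of systemd.

# Read `sshd -t` output on stdin and print the directory sshd reports as missing.
privsep_from_error() {
    sed -n 's/.*Missing privilege separation directory: *//p' | head -n 1
}

# Print a tmpfiles.d line for a privsep directory below /run or /var, which may
# come up empty at boot. Paths elsewhere (for example /usr/share/empty.sshd) are
# shipped by the package, so nothing is printed and the function returns 1.
tmpfiles_line() {
    case "$1" in
        /run/*|/var/*)
            # sshd requires the directory to be root-owned and not
            # group- or world-writable; 0755 root root satisfies that.
            printf 'd %s 0755 root root -\n' "${1%/}"
            ;;
        *)
            return 1
            ;;
    esac
}

# Constructed sample of the error seen on a first run (not captured output).
sample='Missing privilege separation directory: /run/sshd'
dir=$(printf '%s\n' "$sample" | privsep_from_error)
tmpfiles_line "$dir"

# On a real host (assumed paths), the same functions would be used as:
#   dir=$(sshd -t 2>&1 | privsep_from_error)
#   tmpfiles_line "$dir" > /etc/tmpfiles.d/sshd-privsep.conf
#   systemd-tmpfiles --create /etc/tmpfiles.d/sshd-privsep.conf
```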
Describe the bug: Error during initial ansible run, works fine on re-running provisioning
To Reproduce: Running with Vagrant:
Tasks.yml: