Closed hswong3i closed 3 years ago
@ladar something I had tried:
polkit
in scripts/fedora33/dnf.sh
: though out all provisioning (even until scripts/common/lockout.sh
), both /etc/polkit-1/rules.d/49-vagrant.rules
and /etc/ssh/sshd_config.d/10-vagrant-insecure-rsa-key.conf
are existing with correct setup; BTW once vagrant up
it rollback as nothingSELINUX=permissive
: similar as above, also get rollback as SELINUX=enforcing
after initial vagrant up
@ladar I checked with https://app.vagrantup.com/fedora/boxes/33-cloud-base, their patch exists and working during initial vagrant up
, where vagrant ssh
also working perfectly:
[vagrant@cheph9ohg3he-1 ~]$ sudo su -
[root@cheph9ohg3he-1 ~]# ls -la /etc/ssh/sshd_config.d/
total 16
drwx------. 2 root root 4096 Oct 19 23:41 .
drwxr-xr-x. 4 root root 4096 Nov 8 06:17 ..
-rw-r--r--. 1 root root 133 Oct 19 23:41 10-vagrant-insecure-rsa-key.conf
-rw-------. 1 root root 1002 Sep 29 14:03 50-redhat.conf
[root@cheph9ohg3he-1 ~]# cat /etc/ssh/sshd_config.d/10-vagrant-insecure-rsa-key.conf
# For now the vagrant insecure key is an rsa key
# https://github.com/hashicorp/vagrant/issues/11783
PubkeyAcceptedKeyTypes=+ssh-rsa
I looked this over. I don't think its needed. It changes the file system contexts/permissions, but I don't think new context is correct for the given directories (if there is such a think as "correct").
My guess is the files aren't showing up is because your using the 3.1.0
boxes which don't have this change. About 24 hours ago I released the latest boxes (3.1.2
) and based on my testing, they work just. These boxes contain theupdate-crypto-policies --set LEGACY
fix.
A new set of boxes should be uploading over the next few days (aka 3.1.2
, and some of those Fedora 33 boxes will have the newer fix. I think all, just not sure.
Either way, I'm kicking off the 3.1.6
today, and I know all of those boxes will have the current fix when they upload. So I'm gonna close this ticket. If you still have trouble once the 3.1.6
boxes upload, please reopen it.
A new set of boxes should be uploading over the next few days (aka
3.1.2
, and some of those Fedora 33 boxes will have the newer fix. I think all, just not sure.
Confirmed 3.1.2
including update-crypto-policies --set LEGACY
fix:
$ vagrant box list | grep fedora33
generic/fedora33 (libvirt, 3.1.2)
$ vagrant ssh
Last login: Wed Nov 11 03:54:37 2020 from 192.168.121.1
[vagrant@ugaeg9geicuz-1 ~]$ sudo su -
Last login: Wed Nov 11 03:54:40 UTC 2020 on pts/0
[root@ugaeg9geicuz-1 ~]# update-crypto-policies --show
LEGACY
Follow up for https://github.com/lavabit/robox/pull/173, where both files are still missing during initial
vagrant up
:/etc/polkit-1/rules.d/49-vagrant.rules
/etc/ssh/sshd_config.d/10-vagrant-insecure-rsa-key.conf
In case it is SELinux related, at least
chcon
is just used for temporary changes but not as persistent assemanage fcontext
should be.