Bug#849037: marked as done (ssh: Missing systemd Unit file for ssh_key regen)
Your message dated Wed, 4 Jan 2017 05:34:17 +0000
with message-id <20170104053417.GB20455@riva.ucam.org>
and subject line Re: Bug#849037: ssh: Missing systemd Unit file for ssh_key regen
has caused the Debian Bug report #849037,
regarding ssh: Missing systemd Unit file for ssh_key regen
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
849037: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849037
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: ssh: Missing systemd Unit file for ssh_key regen
- From: Duncan Hare <dh@synoia.com>
- Date: Wed, 21 Dec 2016 20:47:53 -0500
- Message-id: <20161222014753.1380.96519.reportbug@raspberrypi>
Package: ssh
Version: 1:6.7p1-5+deb8u3
Severity: important
-- System Information:
Distributor ID: Raspbian
Description: Raspbian GNU/Linux 8.0 (jessie)
Release: 8.0
Codename: jessie
Architecture: armv7l
Kernel: Linux 4.4.34-v7+ (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages ssh depends on:
ii dpkg 1.17.27
ii openssh-client 1:6.7p1-5+deb8u3
ii openssh-server 1:6.7p1-5+deb8u3
ssh recommends no packages.
ssh suggests no packages.
-- debconf-show failed
Note: File sysyem is read only /etc/ssh cannot be written. Var is RW, can keys be moved?
-- Logs begin at Wed 2016-12-21 18:58:14 EST, end at Wed 2016-12-21 19:17:02 EST. --
Dec 21 18:58:14 raspberrypi kernel: VFS: Mounted root (nfs filesystem) readonly on device 0:16.
Dec 21 18:58:14 raspberrypi kernel: devtmpfs: mounted
Dec 21 18:58:14 raspberrypi kernel: Freeing unused kernel memory: 476K (807eb000 - 80862000)
Dec 21 18:58:14 raspberrypi kernel: random: systemd: uninitialized urandom read (16 bytes read, 126 bits of entropy available)
Dec 21 18:58:14 raspberrypi systemd[1]: systemd 215 running in system mode. (+PAM +AUDIT +SELINUX +IMA +SYSVINIT +LIBCRYPTSETUP +GCRYPT +ACL +XZ -SECCOMP -APPARMOR)
Dec 21 18:58:14 raspberrypi systemd[1]: Detected architecture 'arm'.
Dec 21 18:58:14 raspberrypi kernel: random: nonblocking pool is initialized
Dec 21 18:58:14 raspberrypi kernel: NET: Registered protocol family 10
Dec 21 18:58:14 raspberrypi systemd[1]: Inserted module 'ipv6'
Dec 21 18:58:14 raspberrypi systemd[1]: Set hostname to <raspberrypi>.
Dec 21 18:58:14 raspberrypi kernel: uart-pl011 3f201000.uart: no DMA platform data
Dec 21 18:58:15 raspberrypi systemd[1]: Cannot add dependency job for unit regenerate_ssh_host_keys.service, ignoring: Unit regenerate_ssh_host_keys.service failed to load: No such file or directory.
Dec 21 18:58:15 raspberrypi systemd[1]: Found ordering cycle on basic.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on sysinit.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on kbd.service/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on remote-fs.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on home.mount/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on network.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on dhcpcd.service/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on basic.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Breaking ordering cycle by deleting job kbd.service/start
Dec 21 18:58:15 raspberrypi systemd[1]: Job kbd.service/start deleted to break ordering cycle starting with basic.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found ordering cycle on basic.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on sysinit.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on raspi-config.service/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on remote-fs.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on home.mount/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on network.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on dhcpcd.service/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on basic.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Breaking ordering cycle by deleting job raspi-config.service/start
Dec 21 18:58:15 raspberrypi systemd[1]: Job raspi-config.service/start deleted to break ordering cycle starting with basic.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found ordering cycle on basic.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on sysinit.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on console-setup.service/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on remote-fs.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on home.mount/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on network.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on dhcpcd.service/start
Dec 21 18:58:15 raspberrypi systemd[1]: Found dependency on basic.target/start
Dec 21 18:58:15 raspberrypi systemd[1]: Breaking ordering cycle by deleting job console-setup.service/start
--- End Message ---
--- Begin Message ---
- To: Duncan Hare <dh@synoia.com>, 849037-close@bugs.debian.org
- Subject: Re: Bug#849037: ssh: Missing systemd Unit file for ssh_key regen
- From: Colin Watson <cjwatson@debian.org>
- Date: Wed, 4 Jan 2017 05:34:17 +0000
- Message-id: <20170104053417.GB20455@riva.ucam.org>
- In-reply-to: <20161222014753.1380.96519.reportbug@raspberrypi>
- References: <20161222014753.1380.96519.reportbug@raspberrypi>
On Wed, Dec 21, 2016 at 08:47:53PM -0500, Duncan Hare wrote:
> Distributor ID: Raspbian
[...]
> Note: File sysyem is read only /etc/ssh cannot be written. Var is RW, can keys be moved?
Debian generates keys only in openssh-server.postinst, at which point
/etc/ is required to be writable. Of course it can be made read-only
later if no package management is to be performed.
> Dec 21 18:58:15 raspberrypi systemd[1]: Cannot add dependency job for unit regenerate_ssh_host_keys.service, ignoring: Unit regenerate_ssh_host_keys.service failed to load: No such file or directory.
This appears to be something specific to Raspbian. In Debian, I very
deliberately do not generate keys at boot, because entropy is often
scarce at boot time; I've seen academic papers that indicate that doing
this at boot is the cause of many vulnerable keys across the internet.
Unfortunately, bad-but-tempting ideas can be hard to eradicate.
A bit of web-searching suggests
https://www.marcomc.com/2012/09/how-to-fix-regenerate_ssh_host_keys-failed-on-raspbian-for-raspberrypi/,
but I really have no idea if that's current. You'll need to take this
up with the Raspbian folks if that isn't enough to resolve this.
--
Colin Watson [cjwatson@debian.org]
--- End Message ---
Reply to: