Project

General

Profile

Bug #1920

came across someone that uses some form of sw RAID

Added by cpg over 4 years ago. Updated over 4 years ago.

Status:
Assigned
Priority:
Normal
Assignee:
Category:
Fedora 21
Target version:
-
Start date:
01/27/2016
Due date:
% Done:

0%


Description

I came across one user today that had really strange issues with his install of fedora 21 minimal.

one thing was that he was generally clueless. not his fault, just that his expertise with details was nil, yet he was determined to make things work. we want users like this to force us to make amahi easier to install.

i decided to call him on the phone and realized that he did some minimal install, though he was fully up to date, so there must have been some network install or something.

the ssh host keys in /etc/sshd/ssh*key had permissions 640 and any ssh connection was refused immediately without even any login!!!

anyway, he had an interesting RAID set up that seemed perhaps SW RAID? maybe this is what megabitdragon and I mentioned the other day?
he seemed clueless about it, so maybe it was HW RAID?

here is his fpaste sysinfo:

=== fpaste 0.3.7.4 System Information (fpaste --sysinfo) ===
* OS Release (cat /etc/*-release | uniq):
     Fedora release 21 (Twenty One)
     NAME=Fedora
     VERSION="21 (Twenty One)" 
     ID=fedora
     VERSION_ID=21
     PRETTY_NAME="Fedora 21 (Twenty One)" 
     ANSI_COLOR="0;34" 
     CPE_NAME="cpe:/o:fedoraproject:fedora:21" 
     HOME_URL="https://fedoraproject.org/" 
     BUG_REPORT_URL="https://bugzilla.redhat.com/" 
     REDHAT_BUGZILLA_PRODUCT="Fedora" 
     REDHAT_BUGZILLA_PRODUCT_VERSION=21
     REDHAT_SUPPORT_PRODUCT="Fedora" 
     REDHAT_SUPPORT_PRODUCT_VERSION=21
     Fedora release 21 (Twenty One)

* Kernel (uname -r ; cat /proc/cmdline):
     4.1.13-100.fc21.x86_64
     BOOT_IMAGE=/vmlinuz-4.1.13-100.fc21.x86_64 root=UUID=c1e1e85a-67d2-43be-8aa6-2acc3f1e0736 ro rd.md.uuid=7f3343c7:2e5c01b9:cb5b71cd:783ae31f rd.md.uuid=c6934607:dae9d990:227ffce1:fb9542a2 rhgb quiet LANG=en_US.UTF-8

* Desktop(s) Running (failed: "ps -eo comm= | grep -E '(gnome-session|startkde|startactive|xfce.?-session|fluxbox|blackbox|hackedbox|ratpoison|enlightenment|icewm-session|od-session|wmaker|wmx|openbox-lxde|openbox-gnome-session|openbox-kde-session|mwm|e16|fvwm|xmonad|sugar-session|mate-session|lxqt-session|cinnamon)' "):
     N/A

* Desktop(s) Installed (failed: "ls -m /usr/share/xsessions/ | sed 's/\.desktop//g' "):
     N/A

* SELinux Status (sestatus):
     SELinux status:                 enabled
     SELinuxfs mount:                /sys/fs/selinux
     SELinux root directory:         /etc/selinux
     Loaded policy name:             targeted
     Current mode:                   permissive
     Mode from config file:          enforcing
     Policy MLS status:              enabled
     Policy deny_unknown status:     allowed
     Max kernel policy version:      29

* SELinux Error Count (failed: "selinuxenabled && journalctl --since yesterday |grep avc: |grep -Eo "comm="[^ ]+" |sort |uniq -c |sort -rn"):
     N/A

* CPU Model (grep 'model name' /proc/cpuinfo | awk -F: '{print $2}' | uniq -c | sed -re 's/^ +//' ):
     4  Intel(R) Xeon(R) CPU           W3520  @ 2.67GHz

* 64-bit Support (grep -q ' lm ' /proc/cpuinfo && echo Yes || echo No):
     Yes

* Hardware Virtualization Support (grep -Eq '(vmx|svm)' /proc/cpuinfo && echo Yes || echo No):
     Yes

* Load average (uptime):
      19:23:03 up 52 min,  0 users,  load average: 2.02, 1.75, 1.57

* Memory usage (free -m):
                   total        used        free      shared  buff/cache   available
     Mem:           7966         149        7453           0         362        7740
     Swap:          8063           0        8063

* Top 5 CPU hogs (ps axuScnh | awk '$2!=7588' | sort -rnk3 | head -5):
            0   368 32.6  0.0      0     0 ?        S    18:30  17:11 md126_raid10
            0   374 14.5  0.0      0     0 ?        D    18:30   7:40 md126_resync
            0  7551  4.1  0.0 115776  3532 tty1     S    19:19   0:08 bash
            0  1152  1.1  0.0 123548  2396 ?        Ss   19:01   0:14 anacron
            0   635  0.8  0.0      0     0 ?        D    18:30   0:26 ext4lazyinit

* Top 5 Memory hogs (ps axuScnh | sort -rnk4 | head -5):
            0   651  0.0  0.3 319936 26580 ?        Ssl  18:30   0:01 firewalld
            0  1071  0.0  0.2 120540 18476 ?        S    18:30   0:00 dhclient
            0  7588 11.0  0.1 202148 12708 tty1     S+   19:23   0:00 python
            0   719  0.0  0.1 447064 11500 ?        Ssl  18:30   0:01 NetworkManager
            0   583  0.0  0.1  14912 10808 ?        SLsl 18:30   0:00 mdmon

* Disk space usage (df -hT):
     Filesystem     Type      Size  Used Avail Use% Mounted on
     devtmpfs       devtmpfs  3.9G     0  3.9G   0% /dev
     tmpfs          tmpfs     3.9G     0  3.9G   0% /dev/shm
     tmpfs          tmpfs     3.9G  736K  3.9G   1% /run
     tmpfs          tmpfs     3.9G     0  3.9G   0% /sys/fs/cgroup
     /dev/md126p3   ext4       50G  887M   46G   2% /
     tmpfs          tmpfs     3.9G  4.0K  3.9G   1% /tmp
     /dev/md126p1   ext4      477M   73M  375M  17% /boot
     /dev/md126p5   ext4      860G   72M  816G   1% /home
     tmpfs          tmpfs     797M     0  797M   0% /run/user/1000
     tmpfs          tmpfs     797M     0  797M   0% /run/user/0

* Block devices (blkid):
     /dev/sda: TYPE="isw_raid_member" 
     /dev/sdb: TYPE="isw_raid_member" 
     /dev/sdc: TYPE="isw_raid_member" 
     /dev/sdd: TYPE="isw_raid_member" 
     /dev/md126: PTUUID="0017f799" PTTYPE="dos" 
     /dev/md126p1: UUID="3acd417d-bac9-4297-bbcd-63d1cb8e0f23" TYPE="ext4" PARTUUID="0017f799-01" 
     /dev/md126p2: UUID="80a6ed02-40f5-4a01-b0b0-83ec52478c40" TYPE="swap" PARTUUID="0017f799-02" 
     /dev/md126p3: UUID="c1e1e85a-67d2-43be-8aa6-2acc3f1e0736" TYPE="ext4" PARTUUID="0017f799-03" 
     /dev/md126p5: UUID="3a18fccb-352a-44d2-964b-7f1278e524e4" TYPE="ext4" PARTUUID="0017f799-05" 

* PCI devices (failed: "lspci" AND "/sbin/lspci"):
     N/A

* USB devices (failed: "lsusb" AND "/sbin/lsusb"):
     N/A

* DRM Information (journalctl -k -b | grep -o 'kernel:.*drm.*$' | cut -d ' ' -f 2- ):
     [drm] Initialized drm 1.1.0 20060810
     [drm] Supports vblank timestamp caching Rev 2 (21.10.2013).
     [drm] Driver supports precise vblank timestamp query.
     [drm] Initialized nouveau 1.2.2 20120801 for 0000:0f:00.0 on minor 0

* Xorg modules (grep LoadModule /var/log/Xorg.0.log ~/.local/share/xorg/Xorg.0.log | cut -d \" -f 2 | xargs):

* GL Support (failed: "glxinfo | grep -E "OpenGL version|OpenGL renderer""):
     N/A

* Xorg errors (failed: "grep '^\[.*(EE)' /var/log/Xorg.0.log ~/.local/share/xorg/Xorg.0.log | cut -d ':' -f 2- "):
     N/A

* Kernel buffer tail (dmesg | tail):
     [  902.155648] audit: type=1400 audit(1453938325.197:26): avc:  denied  { read } for  pid=1122 comm="systemd-tmpfile" name="group" dev="md126p3" ino=2756431 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
     [  902.155674] audit: type=1400 audit(1453938325.197:27): avc:  denied  { read } for  pid=1122 comm="systemd-tmpfile" name="group" dev="md126p3" ino=2756431 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
     [  902.155719] audit: type=1400 audit(1453938325.198:28): avc:  denied  { read } for  pid=1122 comm="systemd-tmpfile" name="group" dev="md126p3" ino=2756431 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
     [  902.155735] audit: type=1400 audit(1453938325.198:29): avc:  denied  { read } for  pid=1122 comm="systemd-tmpfile" name="group" dev="md126p3" ino=2756431 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
     [  902.155750] audit: type=1400 audit(1453938325.198:30): avc:  denied  { read } for  pid=1122 comm="systemd-tmpfile" name="group" dev="md126p3" ino=2756431 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
     [  902.155892] audit: type=1400 audit(1453938325.198:31): avc:  denied  { read } for  pid=1122 comm="systemd-tmpfile" name="group" dev="md126p3" ino=2756431 scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
     [  902.322852] systemd[1]: Unit systemd-tmpfiles-clean.service entered failed state.
     [  902.332814] systemd[1]: systemd-tmpfiles-clean.service failed.
     [ 3012.604483] audit_printk_skb: 3 callbacks suppressed
     [ 3012.604488] audit: type=1404 audit(1453940435.647:33): enforcing=0 old_enforcing=1 auid=1000 ses=1

* Last few reboots (last -x -n10 reboot runlevel):
     reboot   system boot  4.1.13-100.fc21. Wed Jan 27 18:30   still running
     reboot   system boot  4.1.13-100.fc21. Wed Jan 27 18:10 - 18:29  (00:18)

     wtmp begins Wed Jan 27 18:10:47 2016

* DNF Repositories (ls -l /etc/yum.repos.d):
     total 12
     -rw-r--r--. 1 root root 1252 Sep 12 10:13 fedora.repo
     -rw-r--r--. 1 root root 1270 Sep 12 10:13 fedora-updates.repo
     -rw-r--r--. 1 root root 1328 Sep 12 10:13 fedora-updates-testing.repo

* DNF Extras (failed: "dnf -C list extras"):
     N/A

* Last 20 packages installed (rpm -qa --nodigest --nosignature --last | head -20):
     fpaste-0.3.7.4-1.fc21.noarch                  Wed 27 Jan 2016 07:22:23 PM EST
     gpg-pubkey-95a43f54-5284415a                  Wed 27 Jan 2016 07:22:16 PM EST
     rootfiles-8.1-17.fc21.noarch                  Wed 27 Jan 2016 06:02:05 PM EST
     fedora-release-nonproduct-21-2.noarch         Wed 27 Jan 2016 06:02:05 PM EST
     uboot-tools-2014.10-5.fc21.x86_64             Wed 27 Jan 2016 06:02:04 PM EST
     grubby-8.40-1.fc21.x86_64                     Wed 27 Jan 2016 06:02:04 PM EST
     e2fsprogs-1.42.12-4.fc21.x86_64               Wed 27 Jan 2016 06:02:04 PM EST
     sudo-1.8.12-1.fc21.x86_64                     Wed 27 Jan 2016 06:02:03 PM EST
     passwd-0.79-5.fc21.x86_64                     Wed 27 Jan 2016 06:02:02 PM EST
     authconfig-6.2.9-4.fc21.x86_64                Wed 27 Jan 2016 06:02:02 PM EST
     yum-3.4.3-153.fc21.noarch                     Wed 27 Jan 2016 06:02:01 PM EST
     openssh-clients-6.6.1p1-16.fc21.x86_64        Wed 27 Jan 2016 06:02:00 PM EST
     selinux-policy-targeted-3.13.1-105.21.fc21.noarch Wed 27 Jan 2016 06:01:59 PM EST
     parted-3.2-9.fc21.x86_64                      Wed 27 Jan 2016 06:01:57 PM EST
     openssh-server-6.6.1p1-16.fc21.x86_64         Wed 27 Jan 2016 06:01:55 PM EST
     audit-2.4.4-1.fc21.x86_64                     Wed 27 Jan 2016 06:01:55 PM EST
     man-db-2.6.7.1-18.fc21.x86_64                 Wed 27 Jan 2016 06:01:54 PM EST
     grub2-2.02-0.13.fc21.x86_64                   Wed 27 Jan 2016 06:01:52 PM EST
     dracut-config-rescue-038-39.git20150518.fc21.x86_64 Wed 27 Jan 2016 06:01:52 PM EST
     NetworkManager-0.9.10.2-5.fc21.x86_64         Wed 27 Jan 2016 06:01:49 PM EST

History

#1 Updated by cpg over 4 years ago

my solution for the ssh access was:

chmod 600 /etc/sshd/ssh*key

below is what the logs said about not being able to login.

Jan 27 20:37:55 localhost.localdomain sshd[1360]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Jan 27 20:37:55 localhost.localdomain sshd[1360]: error: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Jan 27 20:37:55 localhost.localdomain sshd[1360]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Jan 27 20:37:55 localhost.localdomain sshd[1360]: error: Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
Jan 27 20:37:55 localhost.localdomain sshd[1360]: error: It is required that your private key files are NOT accessible by others.
Jan 27 20:37:55 localhost.localdomain sshd[1360]: error: This private key will be ignored.
Jan 27 20:37:55 localhost.localdomain sshd[1360]: error: bad permissions: ignore key: /etc/ssh/ssh_host_rsa_key
Jan 27 20:37:55 localhost.localdomain sshd[1360]: error: Could not load host key: /etc/ssh/ssh_host_rsa_key
Jan 27 20:37:55 localhost.localdomain sshd[1360]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Jan 27 20:37:55 localhost.localdomain sshd[1360]: error: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Jan 27 20:37:55 localhost.localdomain sshd[1360]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Jan 27 20:37:55 localhost.localdomain sshd[1360]: error: Permissions 0640 for '/etc/ssh/ssh_host_ecdsa_key' are too open.
Jan 27 20:37:55 localhost.localdomain sshd[1360]: error: It is required that your private key files are NOT accessible by others.
Jan 27 20:37:55 localhost.localdomain sshd[1360]: error: This private key will be ignored.
Jan 27 20:37:55 localhost.localdomain sshd[1360]: error: bad permissions: ignore key: /etc/ssh/ssh_host_ecdsa_key
Jan 27 20:37:55 localhost.localdomain sshd[1360]: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Jan 27 20:37:55 localhost.localdomain sshd[1360]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Jan 27 20:37:55 localhost.localdomain sshd[1360]: error: @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
Jan 27 20:37:55 localhost.localdomain sshd[1360]: error: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Jan 27 20:37:55 localhost.localdomain sshd[1360]: error: Permissions 0640 for '/etc/ssh/ssh_host_ed25519_key' are too open.
Jan 27 20:37:55 localhost.localdomain sshd[1360]: error: It is required that your private key files are NOT accessible by others.
Jan 27 20:37:55 localhost.localdomain sshd[1360]: error: This private key will be ignored.
Jan 27 20:37:55 localhost.localdomain sshd[1360]: error: bad permissions: ignore key: /etc/ssh/ssh_host_ed25519_key
Jan 27 20:37:55 localhost.localdomain sshd[1360]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Jan 27 20:37:55 localhost.localdomain sshd[1360]: fatal: No supported key exchange algorithms [preauth]

#2 Updated by bigfoot65 over 4 years ago

Is the SSH issue related to bug #1871? That was listed at the top of the minimal install instructions page.

#3 Updated by cpg over 4 years ago

great catch, i forgot about #1871. It's exactly that!

Also available in: Atom