Ubuntu
ltsp package

LTSP on natty doesn't support ecdsa ssh key. Login impossible

Bug #727339 reported by Stéphane Graber
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ltsp (Ubuntu)
Fix Released
Undecided
Stéphane Graber
Natty
Fix Released
Undecided
Stéphane Graber

Bug Description

Natty's ssh uses ecdsa keys when available.
Current LTSP only support copying rsa and dsa keys to the chroot, so when a user tries to login it'll fail as ssh in the background is prompting the user to accept the ecdsa key.

A fix has been pushed to upstream ltsp to add support in ltsp-update-sshkeys for ecdsa keys and the corresponding change will also be applied to Edubuntu's postinst LTSP script (copying the ecdsa key from the server when it exists).

Currently, any LTSP install:
 - From Ubuntu Alternate
 - By installing ltsp-server directly
 - Using Edubuntu live
 - By install ltsp from the Edubuntu installer

Will fail until the user updates to a newer ltsp and runs: sudo ltsp-update-sshkeys && sudo ltsp-update-image

Related branches

lp:ubuntu/natty/ltsp
Revision history for this message
Stéphane Graber (stgraber) wrote :

Just released ltsp 5.2.6 upstream which contains the needed fix, here's the full upstream changelog:

------------------------------------------------------------
revno: 1806
tags: ltsp-5.2.6
committer: Stéphane Graber <email address hidden>
branch nick: ltsp-trunk
timestamp: Tue 2011-03-01 13:57:43 -0500
message:
  version 5.2.6
------------------------------------------------------------
revno: 1805
committer: Stéphane Graber <email address hidden>
branch nick: ltsp-trunk
timestamp: Tue 2011-03-01 13:55:09 -0500
message:
  Add support for ecdsa keys in ltsp-update-sshkeys (shouldn't affect distros where ecdsa keys aren't supported)
------------------------------------------------------------
revno: 1804
committer: Vagrant Cascadian <email address hidden>
branch nick: ltsp-trunk
timestamp: Tue 2011-02-22 14:00:17 -0800
message:
  ltsp_config: ensure /proc/meminfo exists before using it when checking for
  FAT_RAM_THRESHOLD, otherwise scripts running with "set -e" could disasterously
  fail.
------------------------------------------------------------
revno: 1803
committer: Stéphane Graber <email address hidden>
branch nick: ltsp-trunk
timestamp: Wed 2011-02-09 13:58:44 -0500
message:
  Turn off nbd-proxy by default (for now)
------------------------------------------------------------
revno: 1802
committer: Gideon Romm <email address hidden>
branch nick: ltsp-trunk
timestamp: Thu 2011-01-06 15:55:58 -0500
message:
  Dereference asterisk in find_opts. Otherwise, this fails sometimes.
------------------------------------------------------------
revno: 1801
committer: Wim Muskee <email address hidden>
branch nick: ltsp-trunk
timestamp: Thu 2011-01-06 18:32:15 +0100
message:
  Gentoo: some cleaning in plugins, including fix for #409547
------------------------------------------------------------
revno: 1800
committer: Wim Muskee <email address hidden>
branch nick: ltsp-trunk
timestamp: Thu 2010-12-30 18:22:13 +0100
message:
  Gentoo: removing hal stuff because xorg 1.9 is stable.
------------------------------------------------------------
revno: 1799
committer: Wim Muskee <email address hidden>
branch nick: ltsp-trunk
timestamp: Tue 2010-12-21 19:39:35 +0100
message:
  Gentoo: used moved start_screen_sessions, see launchpad #687296 for more info.
------------------------------------------------------------
revno: 1798
committer: Vagrant Cascadian <email address hidden>
branch nick: ltsp-trunk
timestamp: Mon 2010-12-20 11:48:52 -0800
message:
  Move code from ltsp-core to start screen sessions into a start_screen_sesssions
  function in ltsp-init-common, so that other distros can make use of it. See
  launchpad bug #687296 for more information.
------------------------------------------------------------
revno: 1797
committer: Wim Muskee <email address hidden>
branch nick: ltsp-trunk
timestamp: Sat 2010-12-18 21:08:50 +0100
message:
  Gentoo: qs profile, some cleanup.
------------------------------------------------------------
revno: 1796
tags: ltsp-5.2.5
committer: Stéphane Graber <email address hidden>
branch nick: ltsp-trunk
timestamp: Sun 2010-12-05 22:58:31 -0500
message:
  version 5.2.5

Changed in ltsp (Ubuntu Natty):
assignee: nobody → Stéphane Graber (stgraber)
status: New → In Progress
Revision history for this message
Stéphane Graber (stgraber) wrote :

The only non-bugfix items above are in the Gentoo distro code which isn't called at all in Ubuntu.

Fixes affecting Ubuntu are:
 - 1803: Disable nbd-proxy by default (fixes thin clients hanging at boot time)
 - 1805: ecdsa key support
 - 1798: Just moving code, no real code change
 - 1802: Syntax issue in a "find" call
 - 1804: Fixes a possible race condition with fat clients (not used by default in Ubuntu)

Revision history for this message
Scott Kitterman (kitterman) wrote :

Ack. FFe approved for after Alpha 3.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ltsp - 5.2.6-0ubuntu1

---------------
ltsp (5.2.6-0ubuntu1) natty; urgency=low

  * New upstream bugfix release (LP: #727339).
   - Disable nbd-proxy by default (fixes thin clients hanging at boot time)
   - ecdsa key support
   - Syntax issue in a "find" call
   - Fixes a possible race condition with fat clients

  * Update postinst script to handle ecdsa keys for edubuntu
 -- Stephane Graber <email address hidden> Thu, 03 Mar 2011 16:09:47 -0500

Changed in ltsp (Ubuntu Natty):
status: In Progress → Fix Released
Revision history for this message
ior (blitzkriegbop) wrote :

ltsp - 5.2.8
ecdsa key disappeared

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.