Skip to content

Configure the SSH access (bsc#1257212)#3079

Merged
lslezak merged 3 commits intomasterfrom
ssh-config
Jan 28, 2026
Merged

Configure the SSH access (bsc#1257212)#3079
lslezak merged 3 commits intomasterfrom
ssh-config

Conversation

@lslezak
Copy link
Copy Markdown
Contributor

@lslezak lslezak commented Jan 27, 2026

Problem

Solution

  • Enable the SSH service and open the SSH port in firewall when an SSH key for the root user is set.

Testing

  • Tested manually in openSUSE Tumbleweed installation

From the Agama web server log:

Jan 27 17:12:23 agama agama-web-server[7059]: The sshd service has been successfully enabled
Jan 27 17:12:23 agama agama-web-server[7059]: The SSH port has been successfully opened in firewall

After reboot the SSH server is running:

localhost:~ # systemctl status sshd
* sshd.service - OpenSSH Daemon
     Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; preset: disabled)
     Active: active (running) since Tue 2026-01-27 17:20:54 CET; 7min ago
 Invocation: d2bd9a0b08724845ac0e963f215bc437
    Process: 833 ExecStartPre=/usr/sbin/sshd-gen-keys-start (code=exited, status=0/SUCCESS)
    Process: 925 ExecStartPre=/usr/sbin/sshd -t $SSHD_OPTS (code=exited, status=0/SUCCESS)
   Main PID: 928 (sshd)
      Tasks: 1
        CPU: 559ms
     CGroup: /system.slice/sshd.service
             `-928 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"

Jan 27 17:20:54 localhost.localdomain systemd[1]: Starting OpenSSH Daemon...
Jan 27 17:20:54 localhost.localdomain sshd-gen-keys-start[833]: Checking for missing server keys in /etc/ssh
Jan 27 17:20:54 localhost.localdomain sshd-gen-keys-start[837]: ssh-keygen: generating new host
    keys: RSA ECDSA ED25519
Jan 27 17:20:54 localhost.localdomain sshd[928]: Server listening on 0.0.0.0 port 22.
Jan 27 17:20:54 localhost.localdomain sshd[928]: Server listening on :: port 22.
Jan 27 17:20:54 localhost.localdomain systemd[1]: Started OpenSSH Daemon.
Jan 27 17:21:37 localhost.localdomain sshd-session[1239]: Accepted publickey for root from 192.168.1.113
    port 55518 ssh2: ED25519 SHA256:bUer1LwyLc...
Jan 27 17:21:37 localhost.localdomain sshd-session[1239]: pam_unix(sshd:session): session opened for user
    root(uid=0) by root(uid=0)

I could log in using the configured SSH key, as mentioned in the log above.

Notes

  • The firewall port is by default open in Tumbleweed, but even opening an already open port works fine. 😃
  • Because the firewall might not be always installed it ignores the "not found" error.
  • I updated the code which sets the SSH key file permissions so it directly creates the file with the correct permissions. There was a race condition between creating the file and setting the permissions. Although it should not be a problem in Agama as there should be no other running processes but it still should be done correctly.

@lslezak
Configure the SSH access (bsc#1257212)
6df6a29 
Enable the SSH service and open the SSH port in firewall when
an SSH key for the root user is set.
imobachgs
imobachgs approved these changes Jan 28, 2026
View reviewed changes
rust/agama-users/src/model.rs
.args(["systemctl", "enable", "sshd.service"])
.output()?;

if !systemctl.status.success() {
Copy link
Copy Markdown
Contributor

@imobachgs imobachgs Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I already talked about this with @mchf: we might want to abstract the chroot and the handling of the success/failures. But definitely, something for the future please, not now :-)

lslezak and others added 2 commits January 28, 2026 10:48
@lslezak @imobachgs
Update rust/agama-users/src/model.rs
b461399 
Co-authored-by: Imobach González Sosa <igonzalezsosa@suse.com>
@lslezak @imobachgs
Update rust/agama-users/src/model.rs
fa28672 
Co-authored-by: Imobach González Sosa <igonzalezsosa@suse.com>
@lslezak lslezak merged commit ce50e94 into master Jan 28, 2026
16 checks passed
@lslezak lslezak deleted the ssh-config branch January 28, 2026 10:03
@imobachgs imobachgs mentioned this pull request Mar 17, 2026
Merged
imobachgs added a commit that referenced this pull request Mar 17, 2026
@imobachgs
Release version 19 (#3292)
e4e1132 
Prepare to release version 19.

* #1829
* #2508
* #2772
* #2818
* #2826
* #2848
* #2860
* #2863
* #2864
* #2866
* #2867
* #2869
* #2870
* #2871
* #2872
* #2873
* #2874
* #2875
* #2876
* #2877
* #2880
* #2881
* #2882
* #2884
* #2885
* #2886
* #2891
* #2892
* #2893
* #2894
* #2895
* #2896
* #2897
* #2898
* #2899
* #2900
* #2901
* #2902
* #2903
* #2904
* #2908
* #2909
* #2910
* #2912
* #2913
* #2914
* #2915
* #2916
* #2917
* #2918
* #2920
* #2921
* #2923
* #2924
* #2926
* #2928
* #2929
* #2930
* #2933
* #2934
* #2935
* #2936
* #2937
* #2938
* #2939
* #2942
* #2943
* #2944
* #2945
* #2946
* #2947
* #2948
* #2949
* #2950
* #2951
* #2952
* #2954
* #2955
* #2956
* #2957
* #2958
* #2959
* #2960
* #2961
* #2963
* #2964
* #2965
* #2967
* #2968
* #2969
* #2970
* #2971
* #2972
* #2974
* #2975
* #2977
* #2978
* #2980
* #2981
* #2982
* #2983
* #2984
* #2988
* #2989
* #2990
* #2991
* #2992
* #2993
* #2994
* #2995
* #2996
* #2997
* #2998
* #2999
* #3000
* #3001
* #3002
* #3004
* #3005
* #3006
* #3007
* #3008
* #3009
* #3011
* #3012
* #3013
* #3014
* #3015
* #3016
* #3018
* #3019
* #3020
* #3021
* #3022
* #3023
* #3024
* #3025
* #3026
* #3027
* #3028
* #3029
* #3030
* #3031
* #3033
* #3034
* #3035
* #3036
* #3037
* #3039
* #3040
* #3041
* #3042
* #3043
* #3044
* #3045
* #3046
* #3047
* #3048
* #3049
* #3050
* #3051
* #3052
* #3053
* #3054
* #3055
* #3056
* #3057
* #3058
* #3060
* #3061
* #3062
* #3063
* #3064
* #3065
* #3066
* #3067
* #3068
* #3069
* #3070
* #3071
* #3072
* #3073
* #3074
* #3075
* #3076
* #3077
* #3078
* #3079
* #3086
* #3087
* #3088
* #3089
* #3090
* #3091
* #3092
* #3093
* #3094
* #3095
* #3096
* #3097
* #3098
* #3099
* #3100
* #3101
* #3102
* #3103
* #3104
* #3105
* #3106
* #3107
* #3108
* #3109
* #3110
* #3112
* #3113
* #3114
* #3115
* #3116
* #3117
* #3118
* #3119
* #3120
* #3122
* #3123
* #3124
* #3127
* #3128
* #3129
* #3130
* #3131
* #3133
* #3134
* #3135
* #3136
* #3137
* #3138
* #3139
* #3140
* #3141
* #3142
* #3143
* #3144
* #3145
* #3146
* #3147
* #3148
* #3149
* #3150
* #3151
* #3152
* #3153
* #3154
* #3155
* #3157
* #3158
* #3159
* #3160
* #3161
* #3162
* #3163
* #3164
* #3165
* #3166
* #3167
* #3168
* #3169
* #3170
* #3174
* #3175
* #3176
* #3177
* #3178
* #3179
* #3181
* #3182
* #3184
* #3185
* #3186
* #3188
* #3189
* #3190
* #3191
* #3192
* #3194
* #3195
* #3196
* #3197
* #3198
* #3199
* #3200
* #3201
* #3202
* #3203
* #3205
* #3206
* #3208
* #3209
* #3210
* #3213
* #3214
* #3215
* #3216
* #3217
* #3218
* #3219
* #3220
* #3222
* #3223
* #3224
* #3225
* #3226
* #3227
* #3228
* #3229
* #3230
* #3231
* #3232
* #3233
* #3234
* #3235
* #3236
* #3237
* #3238
* #3239
* #3240
* #3241
* #3242
* #3243
* #3244
* #3246
* #3247
* #3248
* #3250
* #3251
* #3252
* #3253
* #3254
* #3255
* #3256
* #3257
* #3258
* #3259
* #3260
* #3261
* #3262
* #3263
* #3265
* #3266
* #3267
* #3268
* #3269
* #3270
* #3271
* #3272
* #3273
* #3274
* #3275
* #3276
* #3277
* #3278
* #3279
* #3280
* #3281
* #3282
* #3283
* #3284
* #3285
* #3286
* #3287
* #3288
* #3289
* #3290
* #3291
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@imobachgs imobachgs imobachgs approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@lslezak @imobachgs