ConfD Installation on Qemux86-64

I built a qemux86-64 using yocto and when executing the confD basic 6.7 installation script, I encountered these messages in the terminal

head: invalid option -- '1'
BusyBox v1.29.3 (2019-08-07 00:15:42 UTC) multi-call binary.

Usage: head [OPTIONS] [FILE]...
head: invalid option -- '1'
BusyBox v1.29.3 (2019-08-07 00:15:42 UTC) multi-call binary.

Rest of the messages under “INFO” look normal once the script finishes execution.

I’m able to start confD locally and launch the cli. Now the issue is when I try to connect to the daemon from a remote host, I get a “Permission denied, please try again.” message.

Command I use to ssh:

ssh -p 2024 root@ip address of confD server

Just a FYI: I installed confd basic on a regular linux ubuntu x86 machine, and I’m able to remotely connect to the daemon via cli.

Hm, I don’t think it is related to your subsequent problem, but it seems the BusyBox head command has dropped support for the traditional head -<number> invocation to save a few bytes on the executable size - at least I believe installing on a BusyBox system has worked without problems in the past. Perhaps the ConfD installer should be changed to use the POSIX-standard head -n <number> invocation. If you’re brave:-), you could try modifying the installer (the initial part is a shell script) with sed 's/head -1/head -n 1/'

This indicates that the errors from the installer aren’t actual problems - those invocations of head are just part of the logic to report missing libraries, and if you actually had some missing libraries, you would probably not be able to start ConfD, far less make an ssh connection get as far as a rejected authentication.

The initial install does not include a local user called root (only admin and oper) - did you create it? Or do you expect ConfD to use PAM for authentication of root? PAM is enabled in the sample confd.conf, but it typically requires a bit more setup, see the User Guide. Additionally many Linux distros are set up with an “invalid” password for root, expecting you to use sudo instead of logging in as root or using su. In any case, check the audit log, it may have more information on the reason for the failed authentication.

I followed your suggestion and you were correct, the modified installer works fine on a Yocto qemux86-64 core-image-base with “head -n 1”. I should also mention that I added these 2 lines to the Yocto local.conf file:
CORE_IMAGE_EXTRA_INSTALL += " ldd openssl10"
DISTRO_FEATURES_append += "pam"
ldd and pam were required to install Confd error and warning free.

I added a user admin/admin on my qemux86-64 target, but I still was not able to “ssh -p 2024 admin@192.168.7.2”. I got an error message “Unable to negotiate with 192.168.7.2 port 2024: no matching host key type found. Their offer:” On the target, under my Confd installation directory /etc/confd/ssh, I generated a new key with “ssh-keygen -m pem -t rsa -f ssh_host_rsa_key -N ''” and that fixed the ssh connection problem, the CLI now comes up. It looks like a problem with my ssh-keygen utility maybe? I haven’t had a chance to read about the “-m pem” option so I don’t understand why it fixes my problem.

Great!

Missing them should not be critical - ldd is only used by the installer, to be able to report missing libraries - and once you have it installed, the installer is able to report that libpam is missing:-) - but it’s actually not needed if you don’t intend to use PAM.

It’s a known issue, probably mentioned elsewhere on the forum - as of OpenSSH-7.8, the ssh-keygen command by default writes private keys in “OpenSSH format”, which ConfD couldn’t handle. It has been fixed (i.e. ConfD can now read that format), but I don’t believe the fix is in any of the ConfD Basic releases yet - should appear in ConfD-7.2.
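
The format difference described in the reply above shows up in the first line of each host key file, so it can be checked without printing any key material. The script below is an added example, not part of the thread or of ConfD; the function names key_format, check_host_keys and make_samples are hypothetical and the sample files are constructed placeholders.

```shell
#!/bin/sh
# Added example: classify SSH host key files by the header on their first line.

# Print openssh, pem, pkcs8 or unknown for the private key file $1.
# Only the first line is read, so no key material is printed.
key_format() {
    # head -n 1 is the POSIX spelling; BusyBox head rejects "head -1".
    case "$(head -n 1 "$1" 2>/dev/null | tr -d '\r')" in
        "-----BEGIN OPENSSH PRIVATE KEY-----") echo openssh ;;
        "-----BEGIN RSA PRIVATE KEY-----" | \
        "-----BEGIN DSA PRIVATE KEY-----" | \
        "-----BEGIN EC PRIVATE KEY-----") echo pem ;;
        "-----BEGIN PRIVATE KEY-----" | \
        "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo pkcs8 ;;
        *) echo unknown ;;
    esac
}

# Report each ssh_host_*_key in directory $1 (the .pub files do not match).
# Returns 1 if any key is in the OpenSSH format discussed in the thread.
check_host_keys() {
    rc=0
    for f in "$1"/ssh_host_*_key; do
        [ -f "$f" ] || continue
        fmt=$(key_format "$f")
        echo "$f: $fmt"
        if [ "$fmt" = openssh ]; then
            echo "  OpenSSH format: regenerate with ssh-keygen -m pem as in the thread"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample files: header lines only, no real key material.
make_samples() {
    printf '%s\n' "-----BEGIN OPENSSH PRIVATE KEY-----" "(constructed)" \
        > "$1/ssh_host_rsa_key"
    # CRLF line endings, to show why the header is passed through tr.
    printf '%s\r\n' "-----BEGIN EC PRIVATE KEY-----" "(constructed)" \
        > "$1/ssh_host_ecdsa_key"
    echo "ssh-rsa AAAA(constructed)" > "$1/ssh_host_rsa_key.pub"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
check_host_keys "$demo_dir" || echo "at least one host key needs regenerating"
rm -rf "$demo_dir"
```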

Thank you, I just looked on the download page and there is a Basic version 7.1.1
I will try, but based on your reply the ssh key format will not be fixed in this version. When will version 7.2 be released, I am just curious?

ConfD Basic 7.2.0.1 will hopefully be available on the download server by the end of the month.