sshd doesn’t start in Solaris zone

This describes a quite silly problem I once had. Google had no useful search results, so I’m putting the solution here for the sake of all the lost souls not knowing why their pet sshd doesn’t want to run in a Solaris zone. Yes, you can solve it using truss and analyzing SMF startup methods. But I think there are better ways to spend your time.

The solution was found by me and my friend one warm Polish summer night. Here we go, then!

Solaris zone tutorials will tell you something along the lines of:

netra / $ zonecfg -z wibble
Sorry, I don't know anything about your "screen" terminal.
netra / $ export TERM=vt100
netra / $ zonecfg -z wibble
wibble: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:wibble> create
zonecfg:wibble> set autoboot=true
zonecfg:wibble> add net
zonecfg:wibble:net> set address=10.0.1.63
zonecfg:wibble:net> set physical=eri0
zonecfg:wibble:net> end
zonecfg:wibble> set zonepath=/zones/wibble
zonecfg:wibble> verify
zonecfg:wibble> commit
zonecfg:wibble> exit
netra / $ zoneadm -z wibble install
Preparing to install zone <wibble>.
Creating list of files to copy from the global zone.
Copying <8442> files to the zone.
Initializing zone product registry.
Determining zone package initialization order.
Preparing to initialize <239> packages on the zone.
Initialized <239> packages on zone.
Zone <wibble> is initialized.
The file </zones/wibble/root/var/sadm/system/logs/install_log> contains a log of the zone installation.
netra / $ zoneadm -z wibble boot

At this point, I was pretty convinced I would already be able to log into the zone via ssh and IP address 10.0.1.63. But there was nothing listening on port 22 in the zone. I logged into it to find the problem.

netra / $ zlogin wibble
[Connected to zone 'wibble' pts/2]
Sun Microsystems Inc.   SunOS 5.10      Generic January 2005
# ▊

I spent a bit of time there, looking for reasons. Ssh service was offline.

bash-3.00# svcs -a | grep ssh
offline         1:48:51 svc:/network/ssh:default

Using svcs -x -v, I’ve found out that sshd was not running because of network/rpc/gss, which depends on network/inetd, which depends on system/sysidtool. And sysidtool is ‘starting’.

It turns out, after booting a zone, you need to zlogin to its console, that is you have to use ‘zlogin -C wibble’ command. You’ll then be presented with a text installer interface.

This means, that even though ‘zoneadm -z wibble install’ completes, your zone isn’t quite as installed as you would wish. It still doesn’t know its locale, terminal settings, it doesn’t have ssh public/private key pairs, hostname, DNS server (name service configuration), NFSv4 domain configuration, time zone and root password.

zlogin -C zonename

…is your friend!

Advertisements

register365 and scp

My current hosting provider, hosting365 register365, is a traditional-style shared hosting service, where file upload is still done via FTP with passwords sent as clear text. They provide ssh access on demand, and it has to be manually approved by company’s staff. I don’t understand why don’t they provide shell by default. Maybe it’s part of being a traditional style hosting and trying to avoid the word “shell” or anything like it.

Shell they provide, but what about public key authentication? No, they don’t. As this is turned on by default in all Linux installations, they must have switched this option off. Why did they do that, remains a mystery as public key authentication is no less secure than password entry.

Continue reading “register365 and scp”