I can’t reproduce. Could you provide more details?
Issue happened on two different virtual machines. yum history undo or nethserver-cockpit downgrade solved the issue.
Tried again one of the machines restoring from an older snapshot and couldn’t reproduce the problem.
Tried once more (all up to date) and this time an error messages popped up after disabling both checkboxes (root login, password auth):
echo ‘{“name”:“sshd”,“props”:{“PasswordAuthentication”:“0”,“PermitRootLogin”:“0”,“TCPPort”:“2222”},“type”:“service”}’ | /usr/bin/sudo /usr/libexec/nethserver/api/system-openssh/update | jq
Type of argument to keys on reference must be unblessed hashref or arrayref at /usr/libexec/nethserver/api/system-openssh/update line 42.
After this, cannot save SSH settings from cockpit but works from nethgui.
Installed nethserver packages
[root@server ~]# rpm -qa nethserver-\*|sort
nethserver-backup-config-2.4.1-1.ns7.noarch
nethserver-backup-data-1.7.1-1.ns7.noarch
nethserver-base-3.7.5-1.ns7.noarch
nethserver-cockpit-1.4.5-1.ns7.noarch
nethserver-cockpit-lib-1.4.5-1.ns7.noarch
nethserver-collectd-3.1.0-1.ns7.noarch
nethserver-dc-1.8.0-1.ns7.x86_64
nethserver-diagtools-1.0.3-1.ns7.noarch
nethserver-dnsmasq-1.7.0-1.ns7.noarch
nethserver-duc-1.7.0-1.ns7.noarch
nethserver-firewall-base-3.8.8-1.ns7.noarch
nethserver-hosts-1.2.2-1.ns7.noarch
nethserver-httpd-3.7.6-1.ns7.noarch
nethserver-httpd-admin-2.4.0-1.ns7.noarch
nethserver-lang-cockpit-1.4.4-2.ns7.noarch
nethserver-lang-en-1.4.4-2.ns7.noarch
nethserver-letsencrypt-1.1.6-1.ns7.noarch
nethserver-lib-2.2.11-1.ns7.noarch
nethserver-lsm-1.2.3-1.ns7.noarch
nethserver-mail-smarthost-2.12.0-1.ns7.noarch
nethserver-mysql-1.1.4-1.ns7.noarch
nethserver-nethforge-release-7-3.ns7.noarch
nethserver-nextcloud-1.9.0-1.ns7.noarch
nethserver-ntp-1.1.3-1.ns7.noarch
nethserver-openssh-1.4.1-1.ns7.noarch
nethserver-phonehome-1.4.0-1.ns7.noarch
nethserver-php-1.2.1-1.ns7.noarch
nethserver-release-7-16.ns7.noarch
nethserver-rh-php72-php-fpm-1.1.1-1.ns7.noarch
nethserver-smartd-1.1.0-1.ns7.noarch
nethserver-sssd-1.6.0-1.ns7.noarch
nethserver-subscription-3.5.3-1.ns7.noarch
nethserver-subscription-inventory-3.5.3-1.ns7.x86_64
nethserver-subscription-ui-3.5.3-1.ns7.noarch
nethserver-yum-1.4.1-1.ns7.noarch
1 Like
I will try to reproduce it tomorrow.
1 Like
please what is the output
config show sshd
config show sssd
I cannot reproduce 
we have implemented a new prop under sssd
config setprop sssd ShellOverrideStatus enabled #### default disabled
signal-event nethserver-sssd-save
the $sshd{AllowGroups} could be tested also
ok I can reproduce
echo '{"name":"sshd","props":{"PasswordAuthentication":"0","PermitRootLogin":"0","TCPPort":"2222"},"type":"service"}' | /usr/bin/sudo /usr/libexec/nethserver/api/system-openssh/update | jq
Type of argument to keys on reference must be unblessed hashref or arrayref at /usr/libexec/nethserver/api/system-openssh/update line 42.
but this is not what the UI output normally in the web console
echo '{"name":"sshd","props":{"PasswordAuthentication":"0","PermitRootLogin":"0","TCPPort":"23","AllowGroups":{},"AllowEveryone":"none"},"type":"service"}' | /usr/bin/setsid /usr/bin/sudo /usr/libexec/nethserver/api/system-openssh/update | jq
I suspect that cockpit has not been restarted and you still have the old UI in the browser cache
1 Like
[root@server ~]# config show sshd
sshd=service
AllowEveryone=
AllowGroups=
LoginGraceTime=2m
MaxAuthTries=6
PasswordAuthentication=0
PermitRootLogin=0
Protocol=2
SubsystemSftp=yes
TCPPort=2222
UsePAM=yes
access=green,red
status=enabled
[root@server ~]# config show sssd
sssd=service
AdDns=10.0.0.2
BindDN=ldapservice@ad.domain.tld
BindPassword=*************
DiscoverDcType=ldapuri
LdapURI=ldaps://nsdc-server.ad.domain.tld
Provider=ad
Realm=ad.domain.tld
ShellOverrideStatus=disabled
Workgroup=DOMAIN
status=enabled
Notice from cockpit values are set to 0, fron nethgui are blank when disabled. But prior to this update I think it was the same and working:
PasswordAuthentication=0
PermitRootLogin=0
The error just showed one time, son I don’t know if it should be different now.
Tried with different browsers, incognito/private window and clearing cache.
Same after rebooting server, signal-event nethserver-cockpit-update or systemctl restart cockpit.service
There was something related to cockpit restart and certficates. Don’t know if it has anything to do with this:
Could you update again and check what is now the validation/update output in the console, the code does right, it is the UI which doesnt output what the API expects
Update what?
Info message on browser console (no error):
API exec: system-openssh/validate
$ echo '{"name":"sshd","props":{"PasswordAuthentication":"0","PermitRootLogin":"yes","TCPPort":"2222","AllowGroups":{},"AllowEveryone":""},"type":"service"}' | /usr/bin/sudo /usr/libexec/nethserver/api/system-openssh/validate | jq
Using that command on terminal it gives:
[root@server ~]# echo '{"name":"sshd","props":{"PasswordAuthentication":"0","PermitRootLogin":"yes","TCPPort":"2222","AllowGroups":{},"AllowEveryone":""},"type":"service"}' | /usr/bin/sudo /usr/libexec/nethserver/api/system-openssh/validate | jq
{
"type": "NotValid",
"message": "validation_failed",
"attributes": [
{
"parameter": "AllowEveryone",
"value": "",
"error": "valid_memberOf_none, sftp, sftp+ssh"
}
]
}
Does this create the error message in the terminal, it should not
The update occurs after the validation innthe web console o fyour browser
I bet it is a regression introduced by the last update. @dnutan, can we say to use Nethgui to workaround the issue?
Yes, from nethgui it works as expected.
1 Like
You showed us the validation, could you show us the update
Thank in advance
of course you have a validation error, the AllowEveryone could not accept an empty value
I am short of idea and I cannot reproduce …
Did you try to
- revert to the old package
- remove new props in sssd and sshd (shelloverride included)
- initialize-default-databases
- upgrade again
lookat this @davidep, it looks that the UI used the old API code, the new one is
echo '{"name":"sshd","props":{"PasswordAuthentication":"yes","PermitRootLogin":"yes","TCPPort":"23","AllowGroups":{},"AllowEveryone":"none"},"type":"service"}' | /usr/bin/setsid /usr/bin/sudo /usr/libexec/nethserver/api/system-openssh/update | jq
Why the UI tried to communicate with the old API and not the new one
Because the js code loaded by the browser wasn’t updated? Does the problem disappear after a full page reload (Ctrl+r or Ctrl+f5)?
1 Like
No, same problem after page reload and with another browser.
1 Like
Sorry, I still don’t get it about the update. Nothing else on console after the API call.
1 Like
After manually setting config setprop sshd AllowEveryone none it passes the validate action an it works.
API exec: system-openssh/validate$ echo '{"name":"sshd","props":{"PasswordAuthentication":"yes","PermitRootLogin":"yes","TCPPort":"2222","AllowGroups":{},"AllowEveryone":"none"},"type":"service"}' | /usr/bin/sudo /usr/libexec/nethserver/api/system-openssh/validate | jq
nethserver.js:41 API exec: system-openssh/update$ echo '{"name":"sshd","props":{"PasswordAuthentication":"yes","PermitRootLogin":"yes","TCPPort":"2222","AllowGroups":{},"AllowEveryone":"none"},"type":"service"}' | /usr/bin/setsid /usr/bin/sudo /usr/libexec/nethserver/api/system-openssh/update | jq
1 Like