[Bug 537980] New: Opening SSH port in firewall should start SSH
http://bugzilla.novell.com/show_bug.cgi?id=537980 Summary: Opening SSH port in firewall should start SSH Classification: openSUSE Product: openSUSE 11.2 Version: Factory Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Installation AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: binner@kde.org QAContact: jsrain@novell.com Found By: --- User-Agent: Mozilla/5.0 (compatible; Konqueror/4.2; Linux) KHTML/4.2.4 (like Gecko) SUSE When opting to open the SSH port in the firewall during installation there should be a dialog asking whether one wants to have sshd started or at least a warning that it's not started by default anymore. Reproducible: Always -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=537980 User meissner@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=537980#c1 Marcus Meissner <meissner@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team-screening@forge.pr |yast2-maintainers@suse.de |ovo.novell.com | --- Comment #1 from Marcus Meissner <meissner@novell.com> 2009-09-10 05:25:48 MDT --- can we do that in yast? -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=537980 User kmachalkova@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=537980#c2 Katarina Machalkova <kmachalkova@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|yast2-maintainers@suse.de |kmachalkova@novell.com --- Comment #2 from Katarina Machalkova <kmachalkova@novell.com> 2009-09-10 06:33:37 MDT --- I'll take this one (as I wrote fw config sub-proposal in the first stage) -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=537980 User kmachalkova@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=537980#c3 --- Comment #3 from Katarina Machalkova <kmachalkova@novell.com> 2009-09-10 06:41:47 MDT ---
can we do that in yast?
Yes. In either of these two ways: * Make it user's choice, akin to opening/closing ssh port with clickable links, like this: Firewall will be enabled (disable) SSH port will be open (close) SSH service will be enabled (disable) <-- not sure what is the correct wording (we'd need to update documentation then, and Coolo should know as well, although only few lines of code, it is a "little" feature request) * Do not ask user anything and assume that opening SSH port would mean also insserv-ing SSH service (easy and no docu update needed) -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=537980 User meissner@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=537980#c4 --- Comment #4 from Marcus Meissner <meissner@novell.com> 2009-09-10 08:16:48 MDT --- I think they should be folded into 1 option to avoid bloat. * SSH service disabled and closed in firewall (enable and open) -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=537980 User max@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=537980#c5 --- Comment #5 from Reinhard Max <max@novell.com> 2009-09-10 08:33:03 MDT --- If there is only one item "disabled and closed" vs. "enabled and open", there is no need to confuse people by mentioning the firewall at all. * SSH service will be enabled (disable) In the case of two options for enabling and opening the port, I'd suggest the following wording: * SSH service will be started (do not start) * SSH port will be open (close) But I still fail to see a point in closing the port of a not running service, and of starting sshd, but not opening the port as well. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=537980 User lnussel@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=537980#c6 Ludwig Nussel <lnussel@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |lnussel@novell.com --- Comment #6 from Ludwig Nussel <lnussel@novell.com> 2009-09-14 02:43:22 MDT --- (In reply to comment #5)
If there is only one item "disabled and closed" vs. "enabled and open", there is no need to confuse people by mentioning the firewall at all.
I tend to agree. I'd suggest to implement a "remote access/login" proposal instead of a firewall proposal, at least in the install mode without interactive second stage. ie something like * remote access is disabled I'd not offer quick switch buttons. Instead clicking the line should always open a full configuration dialog.
But I still fail to see a point in closing the port of a not running service,
The port isn't explicitly 'closed'. Instead the Firewall just drops all packets you don't explicitly allow.
and of starting sshd, but not opening the port as well.
When configuring a router you'd have interfaces in the external and in the internal zone. ssh would automatically be accessible from the internal zones in that case. Opening the port here would mean allowing ssh access from the internet. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=537980 User max@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=537980#c7 --- Comment #7 from Reinhard Max <max@novell.com> 2009-09-14 06:20:21 MDT --- (In reply to comment #6)
I'd suggest to implement a "remote access/login" proposal instead of a firewall proposal, at least in the install mode without interactive second stage. ie something like
* remote access is disabled
I think similar wording is already being used for the VNC kind of remote access, so either SSH should be mentioned here or the link should lead to a single dialog that controls all kinds of remote access that we support. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=537980 User binner@kde.org added comment http://bugzilla.novell.com/show_bug.cgi?id=537980#c8 Stephan Binner <binner@kde.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |radomir.cernoch@gmail.com --- Comment #8 from Stephan Binner <binner@kde.org> 2009-09-15 03:51:18 MDT --- *** Bug 539215 has been marked as a duplicate of this bug. *** http://bugzilla.novell.com/show_bug.cgi?id=539215 -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=537980 User pmladek@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=537980#c9 Petr Mladek <pmladek@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |pmladek@novell.com --- Comment #9 from Petr Mladek <pmladek@novell.com> 2009-09-22 04:02:51 MDT --- I expect that your are talking about the installation wizard that it not visible when you choose the automatic configuration. I am not sure how many and how experienced users use ssh but I think that this is one of the basic Linux functions and it should be easy to enable it. I think that we want to gain developers to use openSUSE. Many of them might want running ssh... How to enable it with automatic configuration during installation? Is it worth to take care of it? How to enable it on installed system? It is a bit painful to enable in on two locations (System Services, Firewall). -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=537980 User kmachalkova@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=537980#c10 Katarina Machalkova <kmachalkova@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium Status|NEW |ASSIGNED --- Comment #10 from Katarina Machalkova <kmachalkova@novell.com> 2009-09-29 03:38:06 MDT --- Done in 1st stage firewall proposal 2nd stage (non-automatic configuration) is still pending -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=537980 User kmachalkova@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=537980#c11 Katarina Machalkova <kmachalkova@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED --- Comment #11 from Katarina Machalkova <kmachalkova@novell.com> 2009-10-26 03:40:38 MDT --- y2-firewall 2.18.1 -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=537980 User max@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=537980#c12 Reinhard Max <max@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Version|Factory |Final Resolution|FIXED | --- Comment #12 from Reinhard Max <max@novell.com> 2009-11-12 07:21:25 MST --- Katatrina, I think the behaviour of 11.2 final is still strange. There doesn't seem to be a way to enable ssh during installation without enabling the firewall as well. The ssh option disappears or gets greyed outn (depending on context) when the firewall gets disabled. Is that intentional? Maybe the wording of the ssh option could change from "open and enable" to just "enable" when the firewall gets deselected, but enabling ssh should always be possible, regardless whether the firewall is enabled or disabled. BTW, why is there a separate "Firewall and SSH Configuration" dialog if it doesn't contain options or choices that aren't alrady available via the direct links in the installation overview window? -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=537980 User kmachalkova@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=537980#c13 --- Comment #13 from Katarina Machalkova <kmachalkova@novell.com> 2009-11-12 07:51:16 MST --- (In reply to comment #12)
There doesn't seem to be a way to enable ssh during installation without enabling the firewall as well. The ssh option disappears or gets greyed outn (depending on context) when the firewall gets disabled. Is that intentional?
Hmm, it is consistent with 2nd stage fw proposal and yast2-firewall in general - if fw is disabled, it does not make sense for any services to open ports in it
Maybe the wording of the ssh option could change from "open and enable" to just "enable" when the firewall gets deselected,
The wording here is based on _Marcus_'s proposal in comment #4, to "avoid bloat". -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=537980 User kmachalkova@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=537980#c14 --- Comment #14 from Katarina Machalkova <kmachalkova@novell.com> 2009-11-12 07:54:47 MST --- (In reply to comment #12
BTW, why is there a separate "Firewall and SSH Configuration" dialog if it doesn't contain options or choices that aren't alrady available via the direct links in the installation overview window?
If it is the dialog that opens after clicking on Firewall and SSH headline in the main proposal screen (or selecting corresponding menu entry), it is because of principle of least surprise. Some dialog should be open after clicking on any headline in installation proposal (see bug #203817, or bug #539289). Otherwise all proposals are just reloaded and nothing changes. I know it's crappy, and it would be better to e.g. make the link unclickable if there is nothing more to configure in extra dialog, but changing that requires rather intrusive modifications to how proposals and links are handled now. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=537980 User kmachalkova@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=537980#c15 --- Comment #15 from Katarina Machalkova <kmachalkova@novell.com> 2009-11-12 08:00:25 MST --- And finally: What would you propose then? Rename SSH entry to : * SSH service will be started (do not start) and if the firewall happened to be enabled, it would not only start the service, but also opened SSH port in fw? Would that be acceptable? -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=537980 User max@novell.com added comment http://bugzilla.novell.com/show_bug.cgi?id=537980#c16 --- Comment #16 from Reinhard Max <max@novell.com> 2009-11-12 08:56:52 MST --- (In reply to comment #13)
Hmm, it is consistent with 2nd stage fw proposal and yast2-firewall in general - if fw is disabled, it does not make sense for any services to open ports in it
I am not asking for being able to open ports in a disabled firewall, but for being able to enable the sshd service regardless of the firewall setting.
Maybe the wording of the ssh option could change from "open and enable" to just "enable" when the firewall gets deselected,
The wording here is based on _Marcus_'s proposal in comment #4, to "avoid bloat".
Yes, the wording is OK as long as the firewall is on. What I was trying to say is, that instead of greying out or removing the ssh option when the firewall is disabled, just remove the port part of the wording. So, initially the options would read: * Firewall is enabled (disable) * SSH service is disabled and closed in firewall (enable and open) And when the firewall gets disabled, they change to: * Firewall is disabled (enable) * SSH service is disabled (enable) Does that make things clearer? -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=537980 http://bugzilla.novell.com/show_bug.cgi?id=537980#c17 Dieter Jurzitza <dieter.jurzitza@t-online.de> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dieter.jurzitza@t-online.de --- Comment #17 from Dieter Jurzitza <dieter.jurzitza@t-online.de> 2009-12-07 20:07:07 UTC --- Hi altogether, when installing 11.2 on my system I stumbled across the issue that sshd wasn't running and could not be enabled by any means but an "insserv /etc/init.d/sshd", what does not hurt me but should not be neccessary IMHO. Moreover, when installing yast-sshd, it fails at the end of the configuration saying "Firewall Einstellungen konnten nicht geschrieben werden". Just to make it clear: sshd is running now after manual modification. But I don't think this is the way it should be. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=537980 http://bugzilla.novell.com/show_bug.cgi?id=537980#c Katarina Machalkova <kmachalkova@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |ASSIGNED -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=537980 http://bugzilla.novell.com/show_bug.cgi?id=537980#c Katarina Machalkova <kmachalkova@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|kmachalkova@novell.com |jsrain@novell.com -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=537980 http://bugzilla.novell.com/show_bug.cgi?id=537980#c Jiri Srain <jsrain@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|jsrain@novell.com |locilka@novell.com -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=537980 http://bugzilla.novell.com/show_bug.cgi?id=537980#c18 Lukas Ocilka <locilka@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO InfoProvider| |coolo@novell.com --- Comment #18 from Lukas Ocilka <locilka@novell.com> 2010-03-24 12:24:47 UTC --- Coolo, should firewall start SSH daemon in case of opening the SSHD port? I don't think so. Firewall should not manipulate with services. BTW, that's why we have a service proposal. Of course while installing over SSH, firewall should take care about opening the port. We could add the services proposal to the network proposal. What's your opinion on that? -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=537980 http://bugzilla.novell.com/show_bug.cgi?id=537980#c19 Stephan Kulow <coolo@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED CC| |coolo@novell.com InfoProvider|coolo@novell.com | --- Comment #19 from Stephan Kulow <coolo@novell.com> 2010-04-13 08:18:11 UTC --- I'm not sure the network proposal is read by so many these days - but it might be important in the future to do so. In general I agree with you: firewall shouldn't enable services, if anything it could add a warning dialog - but in general it should be the other way around: the service proposal should check the firewall settings. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=537980 http://bugzilla.novell.com/show_bug.cgi?id=537980#c20 --- Comment #20 from Reinhard Max <max@novell.com> 2010-04-13 10:37:53 CEST --- I think we MUST offer a way to enable sshd during a (ssh or non-ssh) installation, regardless whether the firewall is enabled or disabled. This was not possible in the installation workflow of recent releases, as disabling the firewall took away the option to enable ssh, but I haven't yet checked the 11.3 milestones. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=537980 https://bugzilla.novell.com/show_bug.cgi?id=537980#c21 Lukas Ocilka <locilka@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |locilka@novell.com Component|Installation |Installation Version|Final |Factory AssignedTo|locilka@novell.com |bnc-team-screening@forge.pr | |ovo.novell.com Product|openSUSE 11.2 |openSUSE 12.1 Summary|Opening SSH port in |Offer possibility to start |firewall should start SSH |SSH during installation --- Comment #21 from Lukas Ocilka <locilka@novell.com> 2011-06-13 09:12:49 UTC --- Reconsidering the status of this bug: * Requiring YaST Firewall to start SSH if SSH port is open during installation is the same as requiring to start (any) HTTP server if port 80 or 443 was open. Thus... * Starting SSH (and maybe other services?) might be handled by another installation proposal (services_proposal in runlevel) See also FATE #305583 PS: To be decided by the openSUSE PM/PjM -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=537980 https://bugzilla.novell.com/show_bug.cgi?id=537980#c22 Stephan Kulow <coolo@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |WONTFIX --- Comment #22 from Stephan Kulow <coolo@novell.com> 2011-06-14 10:29:52 CEST --- assigning it to the screening team is pretty pointless, don't you think? if you don't want to work on bugs, close them as WONTFIX. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=537980 https://bugzilla.novell.com/show_bug.cgi?id=537980#c23 Lukas Ocilka <locilka@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|WONTFIX | --- Comment #23 from Lukas Ocilka <locilka@novell.com> 2011-06-14 08:46:36 UTC --- . -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=537980 https://bugzilla.novell.com/show_bug.cgi?id=537980#c24 Lukas Ocilka <locilka@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |NEW AssignedTo|bnc-team-screening@forge.pr |jsuchome@novell.com |ovo.novell.com | --- Comment #24 from Lukas Ocilka <locilka@novell.com> 2011-06-14 08:48:22 UTC --- I thought I reassigned the bug to the new maintainer but switching product to 12.1 probably also changed the assignee automatically. Jiri, Coolo, please, see comment #21 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=537980 https://bugzilla.novell.com/show_bug.cgi?id=537980#c25 Jiří Suchomel <jsuchome@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |coolo@novell.com --- Comment #25 from Jiří Suchomel <jsuchome@novell.com> 2011-06-15 07:08:09 UTC --- Well, so what's the proposed solution? As Reinhard writes, currently "starting sshd" options is tied to starting firewall, so it is not available once firewall should not be running. So you want to leave out sshd from firewall section and add it to separate services section, right? Additionally, fate #305583 (last comment) describes a way how to set the default value in control file (sshd on/off) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=537980 https://bugzilla.novell.com/show_bug.cgi?id=537980#c26 --- Comment #26 from Jiří Suchomel <jsuchome@novell.com> 2011-06-15 07:35:50 UTC --- Created an attachment (id=434509) --> (http://bugzilla.novell.com/attachment.cgi?id=434509) screenshot This is how installation proposal with services could look like. It was taken from SLES actually. It is missing the firewall proposal, from which the sshd options should be removed. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=537980 https://bugzilla.novell.com/show_bug.cgi?id=537980#c27 Stephan Kulow <coolo@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|coolo@novell.com | --- Comment #27 from Stephan Kulow <coolo@novell.com> 2011-06-15 10:16:15 CEST --- this is how it should look like, yes. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=537980 https://bugzilla.novell.com/show_bug.cgi?id=537980#c Jiří Suchomel <jsuchome@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=537980 https://bugzilla.novell.com/show_bug.cgi?id=537980#c28 --- Comment #28 from Reinhard Max <max@novell.com> 2011-06-15 10:43:35 CEST --- I think prefixing every line with "Service " is redundant, as the section is already called "Services". Instead I suggest the following wording: * SSH Server will be disabled (enable) and likewise for other services. I am still pondering whether it makes more sense to say "will be started"/"will not be started", which would be closer to the technical reality, but might mislead users to think the start/stop happens immediately rather than on next boot. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=537980 https://bugzilla.novell.com/show_bug.cgi?id=537980#c29 Jiří Suchomel <jsuchome@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO InfoProvider| |coolo@novell.com --- Comment #29 from Jiří Suchomel <jsuchome@novell.com> 2011-06-15 11:10:45 UTC --- OK, we've just found a misunderstanding. While services proposal works and is used in 2nd stage of SLE products, it is not present in openSUSE and in current state cannot be used in 1st stage of any product. (Yes, when I created screenshot for comment 26, I commented some part) Should we adapt it for 1st stage usage? Lukas, would it be possible? If so, should we remove it from 2nd stage of SLES (which is actually fate #305583) or should we keep it on different places for both products? Or, should we rather add services proposal to 2nd stage of openSUSE as well? This would meen less coding, but we currently do not have a place where it fits, SLE products have it in "Network Services Configuration" step, which is not part of openSUSE. Lukas, Stephan? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=537980 https://bugzilla.novell.com/show_bug.cgi?id=537980#c31 Lukas Ocilka <locilka@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |ASSIGNED InfoProvider|locilka@novell.com | --- Comment #31 from Lukas Ocilka <locilka@novell.com> 2011-06-21 07:53:55 UTC --- It's mainly about moving code from services_proposal client to a new library and also about creating another services_finish client that would write the setting at the end of first stage. Starting services would have to be omitted though. It can be done but it would take more than just a few hours. Anyway, if users need the SSH daemon to run and there's no other way, it's worth the effort, I'd say. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=537980 https://bugzilla.novell.com/show_bug.cgi?id=537980#c33 --- Comment #33 from Lukas Ocilka <locilka@novell.com> 2011-07-21 07:46:24 UTC --- Created an attachment (id=441301) --> (http://bugzilla.novell.com/attachment.cgi?id=441301) Screenshot from 11.4: Firewall and SSH settings 11.4 already has Firewall and SSH settings. SSH is turned off by default but it can be easily turned on just by clicking on a link in the proposal. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=537980 https://bugzilla.novell.com/show_bug.cgi?id=537980#c34 --- Comment #34 from Lukas Ocilka <locilka@novell.com> 2011-07-21 07:47:48 UTC --- Created an attachment (id=441302) --> (http://bugzilla.novell.com/attachment.cgi?id=441302) Screenshot from 11.4: Firewall on an installed system Firewall is up and running, SSH port open. SSHD is up and running as well. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=537980 https://bugzilla.novell.com/show_bug.cgi?id=537980#c35 Lukas Ocilka <locilka@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |CLOSED Resolution| |FIXED --- Comment #35 from Lukas Ocilka <locilka@novell.com> 2011-07-21 07:48:54 UTC ---
From my POV, this is fixed :) (already in 11.4)
-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=537980 https://bugzilla.novell.com/show_bug.cgi?id=537980#c36 Reinhard Max <max@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|CLOSED |REOPENED Resolution|FIXED | --- Comment #36 from Reinhard Max <max@novell.com> 2011-07-21 10:00:46 CEST --- The problem is, that you can't enable SSH once the firewall has been disabled. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=537980 https://bugzilla.novell.com/show_bug.cgi?id=537980#c37 Stephan Kulow <coolo@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |FIXED --- Comment #37 from Stephan Kulow <coolo@novell.com> 2011-07-21 10:08:22 CEST --- but that's hardly about the installation. File a new feature then -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=537980 https://bugzilla.novell.com/show_bug.cgi?id=537980#c38 Reinhard Max <max@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED | --- Comment #38 from Reinhard Max <max@novell.com> 2011-07-21 10:12:12 CEST --- This is not a new feature, it is a bug in the installation workflow that disabling the firewall takes away the possibility to enable ssh. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=537980 https://bugzilla.novell.com/show_bug.cgi?id=537980#c39 Lukas Ocilka <locilka@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |ASSIGNED --- Comment #39 from Lukas Ocilka <locilka@novell.com> 2011-07-21 08:18:11 UTC --- OK guys, sounds like a bug :) Let me look into that once again :) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=537980 https://bugzilla.novell.com/show_bug.cgi?id=537980#c40 --- Comment #40 from Jiří Suchomel <jsuchome@novell.com> 2011-07-21 08:33:04 UTC --- There was already solution proposal here: use services proposal in 1st stage (e.g. comment 26). Current one is 2nd stage only, so there'd be need to adapt it (maybe simplify) to 1st stage usage. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=537980 https://bugzilla.novell.com/show_bug.cgi?id=537980#c41 --- Comment #41 from Lukas Ocilka <locilka@novell.com> 2011-07-21 11:41:51 UTC --- Created an attachment (id=441458) --> (http://bugzilla.novell.com/attachment.cgi?id=441458) Screenshot from 11.4: Firewall and SSH settings (Fixed) Now you can enable the SSH service even with disabled firewall -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=537980 https://bugzilla.novell.com/show_bug.cgi?id=537980#c42 --- Comment #42 from Lukas Ocilka <locilka@novell.com> 2011-07-21 11:43:09 UTC --- Created an attachment (id=441459) --> (http://bugzilla.novell.com/attachment.cgi?id=441459) Screenshot from 11.4: Checking the FW and SSHD status After the installation, Firewall is disabled but SSHD is running. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=537980 https://bugzilla.novell.com/show_bug.cgi?id=537980#c43 Lukas Ocilka <locilka@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |CLOSED Resolution| |FIXED --- Comment #43 from Lukas Ocilka <locilka@novell.com> 2011-07-21 11:48:09 UTC --- - Fixed Firewall and SSH proposal to be still able to adjust SSH independently on the firewall status (bnc#537980). - yast2-network 2.20.13 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=537980 https://bugzilla.novell.com/show_bug.cgi?id=537980#c44 --- Comment #44 from Bernhard Wiedemann <bwiedemann@novell.com> 2011-07-22 19:00:34 CEST --- This is an autogenerated message for OBS integration: This bug (537980) was mentioned in https://build.opensuse.org/request/show/76800 Factory / yast2-network -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com