[Freeipa-devel] [PATCH] 0001: Silence sshd messages during install
Ben Lipton
blipton at redhat.com
Thu Jul 7 15:19:52 UTC 2016
Thanks for the review! Comments below.
On 07/01/2016 07:42 AM, Martin Basti wrote:
>
>
>
> On 29.06.2016 20:46, Ben Lipton wrote:
>> The attached patch silences some annoying messages I've been getting
>> when upgrading the freeipa-client package on F24:
>> """
>> WARNING: 'UseLogin yes' is not supported in Fedora and may cause
>> several problems.
This will be fixed by openssh-7.2p2-9.fc24
(https://bugzilla.redhat.com/show_bug.cgi?id=1350347) so we probably
shouldn't worry about it.
>> Could not load host key: /etc/ssh/ssh_host_dsa_key
This is because by default sshd looks for all of
/etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key,
/etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key, but Fedora
doesn't generate a DSA key by default.
>> """
>>
>> Since the script causing the message only looks at the return code
>> from sshd to determine the right options to use, I thought it might
>> be ok to discard the output. What do you think?
>>
>> Ben
>>
>>
>
> Hello, I don't like to hiding errors/warnings. Can you determine and
> solve the root cause?
I definitely agree with this in principle, but in this case the purpose
of this code is to try different, potentially wrong, parameters to sshd
until it finds a combination that it accepts. It seems like in some
environments this would produce error messages that aren't actionable
and don't indicate any problem for package function, which is why I
didn't think these messages were necessarily worth preserving.
On the other hand, if the code makes the wrong decision about sshd
version we might be interested in error logs that show why. Can we log
this to a file instead of the console, maybe?
If you'd prefer just addressing the root cause, a patch that prevents
the missing host key error is attached, but it won't stop the error
messages showing up when openssh is an older version.
Thanks,
Ben
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160707/e2b3d0e5/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-blipton-0002-Use-existing-HostKey-config-to-test-sshd.patch
Type: text/x-patch
Size: 2607 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160707/e2b3d0e5/attachment.bin>
More information about the Freeipa-devel
mailing list