[Freeipa-devel] [PATCH] 0001: Silence sshd messages during install

Ben Lipton blipton at redhat.com
Sat Jul 9 12:46:35 UTC 2016


On 07/07/2016 11:19 AM, Ben Lipton wrote:
>
> Thanks for the review! Comments below.
>
>
> On 07/01/2016 07:42 AM, Martin Basti wrote:
>>
>>
>>
>> On 29.06.2016 20:46, Ben Lipton wrote:
>>> The attached patch silences some annoying messages I've been getting 
>>> when upgrading the freeipa-client package on F24:
>>> """
>>> WARNING: 'UseLogin yes' is not supported in Fedora and may cause 
>>> several problems.
> This will be fixed by openssh-7.2p2-9.fc24 
> (https://bugzilla.redhat.com/show_bug.cgi?id=1350347) so we probably 
> shouldn't worry about it.
>>> Could not load host key: /etc/ssh/ssh_host_dsa_key
> This is because by default sshd looks for all of 
> /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key, 
> /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key, but 
> Fedora doesn't generate a DSA key by default.
>>> """
>>>
>>> Since the script causing the message only looks at the return code 
>>> from sshd to determine the right options to use, I thought it might 
>>> be ok to discard the output. What do you think?
>>>
>>> Ben
>>>
>>>
>>
>> Hello, I don't like hiding errors/warnings. Can you determine and 
>> solve the root cause?
>
> I definitely agree with this in principle, but in this case the 
> purpose of this code is to try different, potentially wrong, 
> parameters to sshd until it finds a combination that it accepts. It 
> seems like in some environments this would produce error messages that 
> aren't actionable and don't indicate any problem for package function, 
> which is why I didn't think these messages were necessarily worth 
> preserving.
>
> On the other hand, if the code makes the wrong decision about sshd 
> version we might be interested in error logs that show why. Can we log 
> this to a file instead of the console, maybe?
>
> If you'd prefer just addressing the root cause, a patch that prevents 
> the missing host key error is attached, but it won't stop the error 
> messages showing up when openssh is an older version.
>
> Thanks,
> Ben
>
>
Whoops, realized that my patch created a tempfile and didn't delete it. 
Updated.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-blipton-0002-2-Use-existing-HostKey-config-to-test-sshd.patch
Type: text/x-patch
Size: 2798 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160709/14017927/attachment.bin>
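
The approach discussed in this thread (try candidate options against `sshd -t`, decide by return code only, and keep the diagnostics in a log rather than on the console), as an added example that is not the attached patch or FreeIPA's own code. The logger name, function names, option strings and the stand-in sshd are constructed for illustration; passing `-h` with an existing key is assumed to stop sshd from probing the default host key paths.

```python
import logging
import subprocess
import sys

logger = logging.getLogger("sshd_probe")  # hypothetical logger name

# Constructed stand-in for sshd so the example runs offline: it always writes
# a warning to stderr and exits 0 only when "-o NewOption=yes" was passed.
FAKE_SSHD = (
    "import sys\n"
    "sys.stderr.write('Could not load host key: /constructed/path\\n')\n"
    "sys.exit(0 if 'NewOption=yes' in sys.argv else 1)\n"
)


def first_accepted(sshd_argv, candidates, host_key=None):
    """Return the first option list that `sshd -t` accepts, else None.

    sshd_argv  -- command prefix, e.g. ["sshd"] on a real system
    candidates -- list of option lists, each entry passed as "-o entry"
    host_key   -- existing host key file to pass with -h (assumption: this
                  keeps sshd from complaining about missing default keys)
    """
    base = list(sshd_argv) + ["-t", "-f", "/dev/null"]
    if host_key:
        base += ["-h", host_key]
    for options in candidates:
        cmd = list(base)
        for opt in options:
            cmd += ["-o", opt]
        # Capture stdout and stderr together so nothing reaches the console.
        proc = subprocess.run(cmd, stdout=subprocess.PIPE,
                              stderr=subprocess.STDOUT,
                              universal_newlines=True)
        # Keep the diagnostics: a wrong decision can be traced from the log.
        logger.debug("sshd probe %s rc=%d output=%r",
                     options, proc.returncode, proc.stdout)
        if proc.returncode == 0:
            return options
    return None


def demo():
    """Probe the constructed stand-in with two constructed option sets."""
    stub = [sys.executable, "-c", FAKE_SSHD]
    return first_accepted(stub, [["OldOption=yes"], ["NewOption=yes"]])
```

Attaching a `logging.FileHandler` at DEBUG level to the `sshd_probe` logger sends the captured sshd output to a file; without a handler the messages are dropped and the console stays quiet.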

