<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p><br>
</p>
<br>
<div class="moz-cite-prefix">On 11.08.2016 15:45, Martin Basti
wrote:<br>
</div>
<blockquote
cite="mid:e961fd4d-fedc-90aa-e518-7279f0640323@redhat.com"
type="cite">
<br>
<br>
On 11.08.2016 15:40, Jan Cholasta wrote:
<br>
<blockquote type="cite">On 8.8.2016 14:25, Martin Basti wrote:
<br>
<blockquote type="cite">
<br>
<br>
On 08.08.2016 13:58, Alexander Bokovoy wrote:
<br>
<blockquote type="cite">On Mon, 08 Aug 2016, Jan Cholasta
wrote:
<br>
<blockquote type="cite">On 19.7.2016 08:40, Jan Cholasta
wrote:
<br>
<blockquote type="cite">Hi,
<br>
<br>
On 9.7.2016 14:46, Ben Lipton wrote:
<br>
<blockquote type="cite">On 07/07/2016 11:19 AM, Ben
Lipton wrote:
<br>
<blockquote type="cite">
<br>
Thanks for the review! Comments below.
<br>
<br>
<br>
On 07/01/2016 07:42 AM, Martin Basti wrote:
<br>
<blockquote type="cite">
<br>
<br>
<br>
On 29.06.2016 20:46, Ben Lipton wrote:
<br>
<blockquote type="cite">The attached patch
silences some annoying messages I've been
<br>
getting
<br>
when upgrading the freeipa-client package on
F24:
<br>
"""
<br>
WARNING: 'UseLogin yes' is not supported in
Fedora and may cause
<br>
several problems.
<br>
</blockquote>
</blockquote>
This will be fixed by openssh-7.2p2-9.fc24
<br>
(<a class="moz-txt-link-freetext" href="https://bugzilla.redhat.com/show_bug.cgi?id=1350347">https://bugzilla.redhat.com/show_bug.cgi?id=1350347</a>) so we probably
<br>
shouldn't worry about it.
<br>
<blockquote type="cite">
<blockquote type="cite">Could not load host key:
/etc/ssh/ssh_host_dsa_key
<br>
</blockquote>
</blockquote>
This is because by default sshd looks for all of
<br>
/etc/ssh/ssh_host_dsa_key,
/etc/ssh/ssh_host_ecdsa_key,
<br>
/etc/ssh/ssh_host_ed25519_key and
/etc/ssh/ssh_host_rsa_key, but
<br>
Fedora doesn't generate a DSA key by default.
<br>
<blockquote type="cite">
<blockquote type="cite">"""
<br>
<br>
Since the script causing the message only looks
at the return code
<br>
from sshd to determine the right options to use,
I thought it might
<br>
be ok to discard the output. What do you think?
<br>
<br>
Ben
<br>
<br>
<br>
</blockquote>
<br>
Hello, I don't like to hiding errors/warnings. Can
you determine and
<br>
solve the root cause?
<br>
</blockquote>
<br>
I definitely agree with this in principle, but in
this case the
<br>
purpose of this code is to try different,
potentially wrong,
<br>
parameters to sshd until it finds a combination that
it accepts. It
<br>
seems like in some environments this would produce
error messages
<br>
that
<br>
aren't actionable and don't indicate any problem for
package
<br>
function,
<br>
which is why I didn't think these messages were
necessarily worth
<br>
preserving.
<br>
<br>
On the other hand, if the code makes the wrong
decision about sshd
<br>
version we might be interested in error logs that
show why. Can we
<br>
log
<br>
this to a file instead of the console, maybe?
<br>
<br>
If you'd prefer just addressing the root cause, a
patch that prevents
<br>
the missing host key error is attached, but it won't
stop the error
<br>
messages showing up when openssh is an older
version.
<br>
<br>
Thanks,
<br>
Ben
<br>
<br>
<br>
</blockquote>
Whoops, realized that my patch created a tempfile and
didn't delete
<br>
it.
<br>
Updated.
<br>
</blockquote>
<br>
I think the first version of the patch was OK. sshd is
called only to
<br>
check which set of authorized keys options to use, we
don't really care
<br>
about anything else, so we can safely ignore whatever it
puts to
<br>
stderr.
<br>
</blockquote>
<br>
Bump.
<br>
<br>
ACK on the first version of the patch
<br>
(freeipa-blipton-0001-Silence-sshd-messages-during-install.patch).
<br>
<br>
Anyone against pushing it?
<br>
</blockquote>
Given that newer OpenSSH version will silence it anyway, I'm
OK with the
<br>
interim fix.
<br>
</blockquote>
Pushed to master: c15ba1f9e8c7d236586d46271fce7c3950b509da
<br>
</blockquote>
<br>
You pushed the wrong patch (0002).
<br>
<br>
</blockquote>
<br>
Yes, sorry, I forgot how to numbers
<br>
<br>
Fixed patch attached.
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
fix (revert + original patch) pushed to master:
58d28b741022d06d7050db66997fd5d527b99bc1<br>
<br>
</body>
</html>