<html> <head> <meta content="text/html; charset=windows-1252" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> <div class="moz-cite-prefix">On 11.08.2016 15:45, Martin Basti wrote: </div> <blockquote cite="mid:e961fd4d-fedc-90aa-e518-7279f0640323@redhat.com" type="cite"> On 11.08.2016 15:40, Jan Cholasta wrote: <blockquote type="cite">On 8.8.2016 14:25, Martin Basti wrote: <blockquote type="cite"> On 08.08.2016 13:58, Alexander Bokovoy wrote: <blockquote type="cite">On Mon, 08 Aug 2016, Jan Cholasta wrote: <blockquote type="cite">On 19.7.2016 08:40, Jan Cholasta wrote: <blockquote type="cite">Hi, On 9.7.2016 14:46, Ben Lipton wrote: <blockquote type="cite">On 07/07/2016 11:19 AM, Ben Lipton wrote: <blockquote type="cite"> Thanks for the review! Comments below. On 07/01/2016 07:42 AM, Martin Basti wrote: <blockquote type="cite"> On 29.06.2016 20:46, Ben Lipton wrote: <blockquote type="cite">The attached patch silences some annoying messages I've been getting when upgrading the freeipa-client package on F24: """ WARNING: 'UseLogin yes' is not supported in Fedora and may cause several problems. </blockquote> </blockquote> This will be fixed by openssh-7.2p2-9.fc24 (<a class="moz-txt-link-freetext" href="https://bugzilla.redhat.com/show_bug.cgi?id=1350347">https://bugzilla.redhat.com/show_bug.cgi?id=1350347</a>) so we probably shouldn't worry about it. <blockquote type="cite"> <blockquote type="cite">Could not load host key: /etc/ssh/ssh_host_dsa_key </blockquote> </blockquote> This is because by default sshd looks for all of /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key, /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key, but Fedora doesn't generate a DSA key by default. <blockquote type="cite"> <blockquote type="cite">""" Since the script causing the message only looks at the return code from sshd to determine the right options to use, I thought it might be ok to discard the output. What do you think? Ben </blockquote> Hello, I don't like to hiding errors/warnings. Can you determine and solve the root cause? </blockquote> I definitely agree with this in principle, but in this case the purpose of this code is to try different, potentially wrong, parameters to sshd until it finds a combination that it accepts. It seems like in some environments this would produce error messages that aren't actionable and don't indicate any problem for package function, which is why I didn't think these messages were necessarily worth preserving. On the other hand, if the code makes the wrong decision about sshd version we might be interested in error logs that show why. Can we log this to a file instead of the console, maybe? If you'd prefer just addressing the root cause, a patch that prevents the missing host key error is attached, but it won't stop the error messages showing up when openssh is an older version. Thanks, Ben </blockquote> Whoops, realized that my patch created a tempfile and didn't delete it. Updated. </blockquote> I think the first version of the patch was OK. sshd is called only to check which set of authorized keys options to use, we don't really care about anything else, so we can safely ignore whatever it puts to stderr. </blockquote> Bump. ACK on the first version of the patch (freeipa-blipton-0001-Silence-sshd-messages-during-install.patch). Anyone against pushing it? </blockquote> Given that newer OpenSSH version will silence it anyway, I'm OK with the interim fix. </blockquote> Pushed to master: c15ba1f9e8c7d236586d46271fce7c3950b509da </blockquote> You pushed the wrong patch (0002). </blockquote> Yes, sorry, I forgot how to numbers Fixed patch attached. <fieldset class="mimeAttachmentHeader"></fieldset> </blockquote> fix (revert + original patch) pushed to master: 58d28b741022d06d7050db66997fd5d527b99bc1 </body> </html>