[Freeipa-devel] [PATCH] 0001: Silence sshd messages during install

Jan Cholasta jcholast at redhat.com
Mon Aug 8 11:52:31 UTC 2016


On 19.7.2016 08:40, Jan Cholasta wrote:
> Hi,
>
> On 9.7.2016 14:46, Ben Lipton wrote:
>> On 07/07/2016 11:19 AM, Ben Lipton wrote:
>>>
>>> Thanks for the review! Comments below.
>>>
>>>
>>> On 07/01/2016 07:42 AM, Martin Basti wrote:
>>>>
>>>>
>>>>
>>>> On 29.06.2016 20:46, Ben Lipton wrote:
>>>>> The attached patch silences some annoying messages I've been getting
>>>>> when upgrading the freeipa-client package on F24:
>>>>> """
>>>>> WARNING: 'UseLogin yes' is not supported in Fedora and may cause
>>>>> several problems.
>>> This will be fixed by openssh-7.2p2-9.fc24
>>> (https://bugzilla.redhat.com/show_bug.cgi?id=1350347) so we probably
>>> shouldn't worry about it.
>>>>> Could not load host key: /etc/ssh/ssh_host_dsa_key
>>> This is because by default sshd looks for all of
>>> /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key,
>>> /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key, but
>>> Fedora doesn't generate a DSA key by default.
>>>>> """
>>>>>
>>>>> Since the script causing the message only looks at the return code
>>>>> from sshd to determine the right options to use, I thought it might
>>>>> be ok to discard the output. What do you think?
>>>>>
>>>>> Ben
>>>>>
>>>>>
>>>>
>>>> Hello, I don't like hiding errors/warnings. Can you determine and
>>>> solve the root cause?
>>>
>>> I definitely agree with this in principle, but in this case the
>>> purpose of this code is to try different, potentially wrong,
>>> parameters to sshd until it finds a combination that it accepts. It
>>> seems like in some environments this would produce error messages that
>>> aren't actionable and don't indicate any problem for package function,
>>> which is why I didn't think these messages were necessarily worth
>>> preserving.
>>>
>>> On the other hand, if the code makes the wrong decision about sshd
>>> version we might be interested in error logs that show why. Can we log
>>> this to a file instead of the console, maybe?
>>>
>>> If you'd prefer just addressing the root cause, a patch that prevents
>>> the missing host key error is attached, but it won't stop the error
>>> messages showing up when openssh is an older version.
>>>
>>> Thanks,
>>> Ben
>>>
>>>
>> Whoops, realized that my patch created a tempfile and didn't delete it.
>> Updated.
>
> I think the first version of the patch was OK. sshd is called only to
> check which set of authorized keys options to use, we don't really care
> about anything else, so we can safely ignore whatever it puts to stderr.

Bump.

ACK on the first version of the patch 
(freeipa-blipton-0001-Silence-sshd-messages-during-install.patch).

Anyone against pushing it?

>
> Honza
>


-- 
Jan Cholasta
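
An added example, not part of the thread and not FreeIPA's code: probing `sshd -t` with candidate option sets, deciding on the return code only, and sending stderr to a debug log instead of the console, as suggested in the quoted discussion. The candidate list, the helper path and the name `pick_sshd_options` are assumptions made for illustration.

```python
import logging
import subprocess

log = logging.getLogger("sshd_probe")

# Constructed candidates for illustration (assumption, not FreeIPA's actual list).
CANDIDATES = (
    {"AuthorizedKeysCommand": "/usr/bin/sss_ssh_authorizedkeys",
     "AuthorizedKeysCommandUser": "nobody"},
    {"AuthorizedKeysCommand": "/usr/bin/sss_ssh_authorizedkeys"},
)

# sshd -t only validates the configuration; -f /dev/null starts from defaults.
SSHD_TEST = ("sshd", "-t", "-f", "/dev/null")


def pick_sshd_options(candidates=CANDIDATES, base_cmd=SSHD_TEST):
    """Return (first accepted candidate or None, list of probe records)."""
    records = []
    for candidate in candidates:
        args = list(base_cmd)
        for key, value in candidate.items():
            args += ["-o", f"{key}={value}"]
        try:
            proc = subprocess.run(args, stdin=subprocess.DEVNULL,
                                  stdout=subprocess.DEVNULL,
                                  stderr=subprocess.PIPE, text=True, check=False)
            rc, err = proc.returncode, proc.stderr.strip()
        except OSError as exc:  # sshd not installed or not executable
            rc, err = None, str(exc)
        records.append({"options": candidate, "returncode": rc, "stderr": err})
        # Keep diagnostics off the console but available when a probe misfires.
        log.debug("probe %s -> rc=%s stderr=%r", candidate, rc, err)
        if rc == 0:  # only the exit status decides which options are used
            return candidate, records
    return None, records


if __name__ == "__main__":
    logging.basicConfig(filename="sshd_probe.log", level=logging.DEBUG)
    chosen, _ = pick_sshd_options()
    print("accepted options:", chosen)
```

With this shape, warnings such as the missing DSA host key never reach the package scriptlet output, but a wrong decision about the sshd version can still be traced from the log.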



