[Freeipa-devel] [PATCH] 0001: Silence sshd messages during install

Mon Aug 8 11:58:31 UTC 2016

On Mon, 08 Aug 2016, Jan Cholasta wrote:
>On 19.7.2016 08:40, Jan Cholasta wrote:
>>Hi,
>>
>>On 9.7.2016 14:46, Ben Lipton wrote:
>>>On 07/07/2016 11:19 AM, Ben Lipton wrote:
>>>>
>>>>Thanks for the review! Comments below.
>>>>
>>>>
>>>>On 07/01/2016 07:42 AM, Martin Basti wrote:
>>>>>
>>>>>
>>>>>
>>>>>On 29.06.2016 20:46, Ben Lipton wrote:
>>>>>>The attached patch silences some annoying messages I've been getting
>>>>>>when upgrading the freeipa-client package on F24:
>>>>>>"""
>>>>>>WARNING: 'UseLogin yes' is not supported in Fedora and may cause
>>>>>>several problems.
>>>>This will be fixed by openssh-7.2p2-9.fc24
>>>>(https://bugzilla.redhat.com/show_bug.cgi?id=1350347) so we probably
>>>>shouldn't worry about it.
>>>>>>Could not load host key: /etc/ssh/ssh_host_dsa_key
>>>>This is because by default sshd looks for all of
>>>>/etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key,
>>>>/etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key, but
>>>>Fedora doesn't generate a DSA key by default.
>>>>>>"""
>>>>>>
>>>>>>Since the script causing the message only looks at the return code
>>>>>>from sshd to determine the right options to use, I thought it might
>>>>>>be ok to discard the output. What do you think?
>>>>>>
>>>>>>Ben
>>>>>>
>>>>>>
>>>>>
>>>>>Hello, I don't like to hiding errors/warnings. Can you determine and
>>>>>solve the root cause?
>>>>
>>>>I definitely agree with this in principle, but in this case the
>>>>purpose of this code is to try different, potentially wrong,
>>>>parameters to sshd until it finds a combination that it accepts. It
>>>>seems like in some environments this would produce error messages that
>>>>aren't actionable and don't indicate any problem for package function,
>>>>which is why I didn't think these messages were necessarily worth
>>>>preserving.
>>>>
>>>>On the other hand, if the code makes the wrong decision about sshd
>>>>version we might be interested in error logs that show why. Can we log
>>>>this to a file instead of the console, maybe?
>>>>
>>>>If you'd prefer just addressing the root cause, a patch that prevents
>>>>the missing host key error is attached, but it won't stop the error
>>>>messages showing up when openssh is an older version.
>>>>
>>>>Thanks,
>>>>Ben
>>>>
>>>>
>>>Whoops, realized that my patch created a tempfile and didn't delete it.
>>>Updated.
>>
>>I think the first version of the patch was OK. sshd is called only to
>>check which set of authorized keys options to use, we don't really care
>>about anything else, so we can safely ignore whatever it puts to stderr.
>
>Bump.
>
>ACK on the first version of the patch 
>(freeipa-blipton-0001-Silence-sshd-messages-during-install.patch).
>
>Anyone against pushing it?
Given that newer OpenSSH version will silence it anyway, I'm OK with the
interim fix.
-- 
/ Alexander Bokovoy