[Freeipa-devel] [PATCH] 0001: Silence sshd messages during install

Jan Cholasta jcholast at redhat.com
Thu Aug 11 13:40:34 UTC 2016


On 8.8.2016 14:25, Martin Basti wrote:
>
>
> On 08.08.2016 13:58, Alexander Bokovoy wrote:
>> On Mon, 08 Aug 2016, Jan Cholasta wrote:
>>> On 19.7.2016 08:40, Jan Cholasta wrote:
>>>> Hi,
>>>>
>>>> On 9.7.2016 14:46, Ben Lipton wrote:
>>>>> On 07/07/2016 11:19 AM, Ben Lipton wrote:
>>>>>>
>>>>>> Thanks for the review! Comments below.
>>>>>>
>>>>>>
>>>>>> On 07/01/2016 07:42 AM, Martin Basti wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 29.06.2016 20:46, Ben Lipton wrote:
>>>>>>>> The attached patch silences some annoying messages I've been getting
>>>>>>>> when upgrading the freeipa-client package on F24:
>>>>>>>> """
>>>>>>>> WARNING: 'UseLogin yes' is not supported in Fedora and may cause
>>>>>>>> several problems.
>>>>>> This will be fixed by openssh-7.2p2-9.fc24
>>>>>> (https://bugzilla.redhat.com/show_bug.cgi?id=1350347) so we probably
>>>>>> shouldn't worry about it.
>>>>>>>> Could not load host key: /etc/ssh/ssh_host_dsa_key
>>>>>> This is because by default sshd looks for all of
>>>>>> /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key,
>>>>>> /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key, but
>>>>>> Fedora doesn't generate a DSA key by default.
>>>>>>>> """
>>>>>>>>
>>>>>>>> Since the script causing the message only looks at the return code
>>>>>>>> from sshd to determine the right options to use, I thought it might
>>>>>>>> be ok to discard the output. What do you think?
>>>>>>>>
>>>>>>>> Ben
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> Hello, I don't like hiding errors/warnings. Can you determine and
>>>>>>> solve the root cause?
>>>>>>
>>>>>> I definitely agree with this in principle, but in this case the
>>>>>> purpose of this code is to try different, potentially wrong,
>>>>>> parameters to sshd until it finds a combination that it accepts. It
>>>>>> seems like in some environments this would produce error messages that
>>>>>> aren't actionable and don't indicate any problem for package function,
>>>>>> which is why I didn't think these messages were necessarily worth
>>>>>> preserving.
>>>>>>
>>>>>> On the other hand, if the code makes the wrong decision about sshd
>>>>>> version we might be interested in error logs that show why. Can we log
>>>>>> this to a file instead of the console, maybe?
>>>>>>
>>>>>> If you'd prefer just addressing the root cause, a patch that prevents
>>>>>> the missing host key error is attached, but it won't stop the error
>>>>>> messages showing up when openssh is an older version.
>>>>>>
>>>>>> Thanks,
>>>>>> Ben
>>>>>>
>>>>>>
>>>>> Whoops, realized that my patch created a tempfile and didn't delete it.
>>>>> Updated.
>>>>
>>>> I think the first version of the patch was OK. sshd is called only to
>>>> check which set of authorized keys options to use, we don't really care
>>>> about anything else, so we can safely ignore whatever it puts to
>>>> stderr.
>>>
>>> Bump.
>>>
>>> ACK on the first version of the patch
>>> (freeipa-blipton-0001-Silence-sshd-messages-during-install.patch).
>>>
>>> Anyone against pushing it?
>> Given that newer OpenSSH version will silence it anyway, I'm OK with the
>> interim fix.
> Pushed to master: c15ba1f9e8c7d236586d46271fce7c3950b509da

You pushed the wrong patch (0002).

-- 
Jan Cholasta
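
Added example, not part of the thread and not FreeIPA's own code: a sketch of the compromise raised above, where the sshd probe decides on the exit status alone while stderr is kept out of the console and written to a debug log. The function name, logger name, log path and candidate option sets are assumptions made for illustration.

```python
import logging
import subprocess

log = logging.getLogger("sshd_probe")  # hypothetical logger name

# Constructed candidates, newest syntax first; the helper path is an assumption.
CANDIDATES = [
    {"AuthorizedKeysCommand": "/usr/bin/sss_ssh_authorizedkeys",
     "AuthorizedKeysCommandUser": "nobody"},
    {"AuthorizedKeysCommand": "/usr/bin/sss_ssh_authorizedkeys"},
]


def first_accepted_options(candidates, sshd_cmd=("/usr/sbin/sshd",)):
    """Return the first option set that `sshd -t` exits 0 for, else None.

    The exit status alone decides. stderr never reaches the console: each
    line goes to the logger at DEBUG so a wrong decision can be traced.
    """
    for options in candidates:
        argv = list(sshd_cmd) + ["-t", "-f", "/dev/null"]
        for key, value in options.items():
            argv += ["-o", f"{key}={value}"]
        try:
            proc = subprocess.run(argv, stdin=subprocess.DEVNULL,
                                  stdout=subprocess.DEVNULL,
                                  stderr=subprocess.PIPE,
                                  text=True, errors="replace")
        except OSError as exc:  # sshd missing or not executable
            log.debug("could not run %s: %s", argv[0], exc)
            return None
        for line in proc.stderr.splitlines():
            log.debug("sshd rc=%d %s: %s",
                      proc.returncode, sorted(options), line)
        if proc.returncode == 0:
            return options
    return None


if __name__ == "__main__":
    # Diagnostics go to a file (path is an assumption), not to the terminal.
    logging.basicConfig(filename="sshd_probe.log", level=logging.DEBUG)
    print(first_accepted_options(CANDIDATES))
```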



