[Freeipa-devel] [PATCH] 0001: Silence sshd messages during install

Martin Basti mbasti at redhat.com
Thu Aug 11 13:45:44 UTC 2016



On 11.08.2016 15:40, Jan Cholasta wrote:
> On 8.8.2016 14:25, Martin Basti wrote:
>>
>>
>> On 08.08.2016 13:58, Alexander Bokovoy wrote:
>>> On Mon, 08 Aug 2016, Jan Cholasta wrote:
>>>> On 19.7.2016 08:40, Jan Cholasta wrote:
>>>>> Hi,
>>>>>
>>>>> On 9.7.2016 14:46, Ben Lipton wrote:
>>>>>> On 07/07/2016 11:19 AM, Ben Lipton wrote:
>>>>>>>
>>>>>>> Thanks for the review! Comments below.
>>>>>>>
>>>>>>>
>>>>>>> On 07/01/2016 07:42 AM, Martin Basti wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On 29.06.2016 20:46, Ben Lipton wrote:
>>>>>>>>> The attached patch silences some annoying messages I've been getting
>>>>>>>>> when upgrading the freeipa-client package on F24:
>>>>>>>>> """
>>>>>>>>> WARNING: 'UseLogin yes' is not supported in Fedora and may cause
>>>>>>>>> several problems.
>>>>>>> This will be fixed by openssh-7.2p2-9.fc24
>>>>>>> (https://bugzilla.redhat.com/show_bug.cgi?id=1350347) so we probably
>>>>>>> shouldn't worry about it.
>>>>>>>>> Could not load host key: /etc/ssh/ssh_host_dsa_key
>>>>>>> This is because by default sshd looks for all of
>>>>>>> /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key,
>>>>>>> /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key, but
>>>>>>> Fedora doesn't generate a DSA key by default.
>>>>>>>>> """
>>>>>>>>>
>>>>>>>>> Since the script causing the message only looks at the return code
>>>>>>>>> from sshd to determine the right options to use, I thought it might
>>>>>>>>> be ok to discard the output. What do you think?
>>>>>>>>>
>>>>>>>>> Ben
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>> Hello, I don't like hiding errors/warnings. Can you determine and
>>>>>>>> solve the root cause?
>>>>>>>
>>>>>>> I definitely agree with this in principle, but in this case the
>>>>>>> purpose of this code is to try different, potentially wrong,
>>>>>>> parameters to sshd until it finds a combination that it accepts. It
>>>>>>> seems like in some environments this would produce error messages that
>>>>>>> aren't actionable and don't indicate any problem for package function,
>>>>>>> which is why I didn't think these messages were necessarily worth
>>>>>>> preserving.
>>>>>>>
>>>>>>> On the other hand, if the code makes the wrong decision about sshd
>>>>>>> version we might be interested in error logs that show why. Can we log
>>>>>>> this to a file instead of the console, maybe?
>>>>>>>
>>>>>>> If you'd prefer just addressing the root cause, a patch that prevents
>>>>>>> the missing host key error is attached, but it won't stop the error
>>>>>>> messages showing up when openssh is an older version.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Ben
>>>>>>>
>>>>>>>
>>>>>> Whoops, realized that my patch created a tempfile and didn't delete it.
>>>>>> Updated.
>>>>>
>>>>> I think the first version of the patch was OK. sshd is called only to
>>>>> check which set of authorized keys options to use, we don't really care
>>>>> about anything else, so we can safely ignore whatever it puts to stderr.
>>>>
>>>> Bump.
>>>>
>>>> ACK on the first version of the patch
>>>> (freeipa-blipton-0001-Silence-sshd-messages-during-install.patch).
>>>>
>>>> Anyone against pushing it?
>>> Given that newer OpenSSH version will silence it anyway, I'm OK with the
>>> interim fix.
>> Pushed to master: c15ba1f9e8c7d236586d46271fce7c3950b509da
>
> You pushed the wrong patch (0002).
>

Yes, sorry, I forgot how to numbers

Fixed patch attached.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-blipton-0001-Silence-sshd-messages-during-install.patch
Type: text/x-patch
Size: 2720 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160811/359011c2/attachment.bin>
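
The middle ground raised in the thread (pick the option set from sshd's exit status alone, but send its stderr to a debug log rather than the console) can be written as follows. This is an added example, not the attached patch or FreeIPA's code; the function names, the logger name and the candidate option sets are assumptions.

```python
import logging
import subprocess

log = logging.getLogger("sshd-option-probe")  # hypothetical logger name


def sshd_test_argv(options, sshd="sshd"):
    """Build an `sshd -t` (config test) command line for one option set."""
    argv = [sshd, "-t", "-f", "/dev/null"]
    for key, value in options.items():
        argv += ["-o", "%s=%s" % (key, value)]
    return argv


def first_accepted(candidates, build_argv=sshd_test_argv):
    """Return the first option set the probed binary accepts, else None.

    Only the exit status decides. stderr is captured and written to the
    debug log instead of the console, so a wrong pick can still be
    diagnosed afterwards.
    """
    for options in candidates:
        argv = build_argv(options)
        try:
            proc = subprocess.run(argv, stdout=subprocess.DEVNULL,
                                  stderr=subprocess.PIPE, timeout=30)
        except (OSError, subprocess.TimeoutExpired) as exc:
            log.debug("probe %r did not run: %s", argv, exc)
            continue
        for line in proc.stderr.decode(errors="replace").splitlines():
            log.debug("probe %r stderr: %s", argv, line)
        if proc.returncode == 0:
            return options
    return None


# Constructed candidates, newer option spelling first (assumed values,
# not taken from the thread).
CANDIDATES = [
    {"AuthorizedKeysCommand": "/usr/bin/sss_ssh_authorizedkeys",
     "AuthorizedKeysCommandUser": "nobody"},
    {"AuthorizedKeysCommand": "/usr/bin/sss_ssh_authorizedkeys",
     "AuthorizedKeysCommandRunAs": "nobody"},
]

if __name__ == "__main__":
    logging.basicConfig(filename="sshd-probe.log", level=logging.DEBUG)
    print(first_accepted(CANDIDATES))
```

Messages such as "Could not load host key" then end up in the log file at debug level, and the installer's console output stays clean.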

