[Freeipa-devel] [PATCH] 0001: Silence sshd messages during install

Tue Aug 16 10:17:41 UTC 2016


On 11.08.2016 15:45, Martin Basti wrote:
>
>
> On 11.08.2016 15:40, Jan Cholasta wrote:
>> On 8.8.2016 14:25, Martin Basti wrote:
>>>
>>>
>>> On 08.08.2016 13:58, Alexander Bokovoy wrote:
>>>> On Mon, 08 Aug 2016, Jan Cholasta wrote:
>>>>> On 19.7.2016 08:40, Jan Cholasta wrote:
>>>>>> Hi,
>>>>>>
>>>>>> On 9.7.2016 14:46, Ben Lipton wrote:
>>>>>>> On 07/07/2016 11:19 AM, Ben Lipton wrote:
>>>>>>>>
>>>>>>>> Thanks for the review! Comments below.
>>>>>>>>
>>>>>>>>
>>>>>>>> On 07/01/2016 07:42 AM, Martin Basti wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 29.06.2016 20:46, Ben Lipton wrote:
>>>>>>>>>> The attached patch silences some annoying messages I've been
>>>>>>>>>> getting
>>>>>>>>>> when upgrading the freeipa-client package on F24:
>>>>>>>>>> """
>>>>>>>>>> WARNING: 'UseLogin yes' is not supported in Fedora and may cause
>>>>>>>>>> several problems.
>>>>>>>> This will be fixed by openssh-7.2p2-9.fc24
>>>>>>>> (https://bugzilla.redhat.com/show_bug.cgi?id=1350347) so we 
>>>>>>>> probably
>>>>>>>> shouldn't worry about it.
>>>>>>>>>> Could not load host key: /etc/ssh/ssh_host_dsa_key
>>>>>>>> This is because by default sshd looks for all of
>>>>>>>> /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key,
>>>>>>>> /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key, but
>>>>>>>> Fedora doesn't generate a DSA key by default.
>>>>>>>>>> """
>>>>>>>>>>
>>>>>>>>>> Since the script causing the message only looks at the return 
>>>>>>>>>> code
>>>>>>>>>> from sshd to determine the right options to use, I thought it 
>>>>>>>>>> might
>>>>>>>>>> be ok to discard the output. What do you think?
>>>>>>>>>>
>>>>>>>>>> Ben
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Hello, I don't like to hiding errors/warnings. Can you 
>>>>>>>>> determine and
>>>>>>>>> solve the root cause?
>>>>>>>>
>>>>>>>> I definitely agree with this in principle, but in this case the
>>>>>>>> purpose of this code is to try different, potentially wrong,
>>>>>>>> parameters to sshd until it finds a combination that it 
>>>>>>>> accepts. It
>>>>>>>> seems like in some environments this would produce error messages
>>>>>>>> that
>>>>>>>> aren't actionable and don't indicate any problem for package
>>>>>>>> function,
>>>>>>>> which is why I didn't think these messages were necessarily worth
>>>>>>>> preserving.
>>>>>>>>
>>>>>>>> On the other hand, if the code makes the wrong decision about sshd
>>>>>>>> version we might be interested in error logs that show why. Can we
>>>>>>>> log
>>>>>>>> this to a file instead of the console, maybe?
>>>>>>>>
>>>>>>>> If you'd prefer just addressing the root cause, a patch that 
>>>>>>>> prevents
>>>>>>>> the missing host key error is attached, but it won't stop the 
>>>>>>>> error
>>>>>>>> messages showing up when openssh is an older version.
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Ben
>>>>>>>>
>>>>>>>>
>>>>>>> Whoops, realized that my patch created a tempfile and didn't delete
>>>>>>> it.
>>>>>>> Updated.
>>>>>>
>>>>>> I think the first version of the patch was OK. sshd is called 
>>>>>> only to
>>>>>> check which set of authorized keys options to use, we don't 
>>>>>> really care
>>>>>> about anything else, so we can safely ignore whatever it puts to
>>>>>> stderr.
>>>>>
>>>>> Bump.
>>>>>
>>>>> ACK on the first version of the patch
>>>>> (freeipa-blipton-0001-Silence-sshd-messages-during-install.patch).
>>>>>
>>>>> Anyone against pushing it?
>>>> Given that newer OpenSSH version will silence it anyway, I'm OK 
>>>> with the
>>>> interim fix.
>>> Pushed to master: c15ba1f9e8c7d236586d46271fce7c3950b509da
>>
>> You pushed the wrong patch (0002).
>>
>
> Yes, sorry, I forgot how to numbers
>
> Fixed patch attached.
>
>
fix (revert + original patch) pushed to master: 
58d28b741022d06d7050db66997fd5d527b99bc1

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160816/74c0a3d8/attachment.htm>