<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 07/07/2016 11:19 AM, Ben Lipton wrote:<br>
<blockquote
cite="mid:b9964bfa-2e77-163b-4cd8-21fb0b719958@redhat.com"
type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<p>Thanks for the review! Comments below.<br>
</p>
<br>
<div class="moz-cite-prefix">On 07/01/2016 07:42 AM, Martin Basti
wrote:<br>
</div>
<blockquote
cite="mid:3fe0b9ae-9b22-3a9a-3d4a-067c51a22452@redhat.com"
type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<p><br>
</p>
<br>
<div class="moz-cite-prefix">On 29.06.2016 20:46, Ben Lipton
wrote:<br>
</div>
<blockquote
cite="mid:dae97497-2ee4-3533-da66-f548500773a6@redhat.com"
type="cite">The attached patch silences some annoying messages
I've been getting when upgrading the freeipa-client package on
F24: <br>
""" <br>
WARNING: 'UseLogin yes' is not supported in Fedora and may
cause several problems. <br>
</blockquote>
</blockquote>
This will be fixed by openssh-7.2p2-9.fc24 (<a
moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://bugzilla.redhat.com/show_bug.cgi?id=1350347"><a class="moz-txt-link-freetext" href="https://bugzilla.redhat.com/show_bug.cgi?id=1350347">https://bugzilla.redhat.com/show_bug.cgi?id=1350347</a></a>)
so we probably shouldn't worry about it.<br>
<blockquote
cite="mid:3fe0b9ae-9b22-3a9a-3d4a-067c51a22452@redhat.com"
type="cite">
<blockquote
cite="mid:dae97497-2ee4-3533-da66-f548500773a6@redhat.com"
type="cite"> Could not load host key:
/etc/ssh/ssh_host_dsa_key <br>
</blockquote>
</blockquote>
This is because by default sshd looks for all of
/etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key,
/etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key, but
Fedora doesn't generate a DSA key by default.<br>
<blockquote
cite="mid:3fe0b9ae-9b22-3a9a-3d4a-067c51a22452@redhat.com"
type="cite">
<blockquote
cite="mid:dae97497-2ee4-3533-da66-f548500773a6@redhat.com"
type="cite"> """ <br>
<br>
Since the script causing the message only looks at the return
code from sshd to determine the right options to use, I
thought it might be ok to discard the output. What do you
think? <br>
<br>
Ben <br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
Hello, I don't like to hiding errors/warnings. Can you determine
and solve the root cause?<br>
</blockquote>
<br>
I definitely agree with this in principle, but in this case the
purpose of this code is to try different, potentially wrong,
parameters to sshd until it finds a combination that it accepts.
It seems like in some environments this would produce error
messages that aren't actionable and don't indicate any problem for
package function, which is why I didn't think these messages were
necessarily worth preserving.<br>
<br>
On the other hand, if the code makes the wrong decision about sshd
version we might be interested in error logs that show why. Can we
log this to a file instead of the console, maybe?<br>
<br>
If you'd prefer just addressing the root cause, a patch that
prevents the missing host key error is attached, but it won't stop
the error messages showing up when openssh is an older version.<br>
<br>
Thanks,<br>
Ben<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
Whoops, realized that my patch created a tempfile and didn't delete
it. Updated.<br>
<br>
</body>
</html>