Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 586912 Details for
Bug 825321
SSH Tech Preview feature enabled by default in ipa-client
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
Patch to configure ssh/sshd config files only when requested
rcrit.patch (text/plain), 9.45 KB, created by
Rob Crittenden
on 2012-05-25 17:45:27 UTC
(
hide
)
Description:
Patch to configure ssh/sshd config files only when requested
Filename:
MIME Type:
Creator:
Rob Crittenden
Created:
2012-05-25 17:45:27 UTC
Size:
9.45 KB
patch
obsolete
>From d91014a6137568f0dbc4b019478700a7cc6315b8 Mon Sep 17 00:00:00 2001 >From: Rob Crittenden <rcritten@redhat.com> >Date: Fri, 25 May 2012 13:43:24 -0400 >Subject: [PATCH] Disable SSH support by default, it is in tech preview. > >By default ipa-client-install will not enable SSH features. > >https://bugzilla.redhat.com/show_bug.cgi?id=825321 >--- > install/tools/ipa-replica-install | 12 ++++++++---- > install/tools/ipa-server-install | 12 ++++++++---- > install/tools/man/ipa-replica-install.1 | 7 +++++-- > install/tools/man/ipa-server-install.1 | 10 +++++++--- > ipa-client/ipa-install/ipa-client-install | 8 +++++--- > ipa-client/man/ipa-client-install.1 | 10 +++++++--- > 6 files changed, 40 insertions(+), 19 deletions(-) > >diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install >index 7cfe7627e2d0b85d3584ab757c3ca5b78c51b801..8beeaa29c6765bbad301f10e19c0286604cdf106 100755 >--- a/install/tools/ipa-replica-install >+++ b/install/tools/ipa-replica-install >@@ -64,10 +64,12 @@ def parse_options(): > help="do not configure ntp", default=True) > basic_group.add_option("--no-ui-redirect", dest="ui_redirect", action="store_false", > default=True, help="Do not automatically redirect to the Web UI") >+ basic_group.add_option("--configure-ssh", dest="conf_ssh", default=False, action="store_true", >+ help="configure OpenSSH client to use SSH features provided by IPA server") > basic_group.add_option("--ssh-trust-dns", dest="trust_sshfp", default=False, action="store_true", > help="configure OpenSSH client to trust DNS SSHFP records") >- basic_group.add_option("--no-sshd", dest="conf_sshd", default=True, action="store_false", >- help="do not configure OpenSSH server") >+ basic_group.add_option("--configure-sshd", dest="conf_sshd", default=False, action="store_true", >+ help="configure OpenSSH server to use SSH features provided by IPA server") > basic_group.add_option("--skip-conncheck", dest="skip_conncheck", action="store_true", > default=False, help="skip connection check to remote master") > basic_group.add_option("-d", "--debug", dest="debug", action="store_true", >@@ -488,8 +490,10 @@ def main(): > args.append("--no-dns-sshfp") > if options.trust_sshfp: > args.append("--ssh-trust-dns") >- if not options.conf_sshd: >- args.append("--no-sshd") >+ if options.conf_ssh: >+ args.append("--configure-ssh") >+ if options.conf_sshd: >+ args.append("--configure-sshd") > ipautil.run(args) > except Exception, e: > print "Configuration of client side components failed!" >diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install >index 2f06a9e879902eb1c2ac340757fcd1762959fe30..9ac5ceabde6372c55fc63b9be1be1438dc0fe322 100755 >--- a/install/tools/ipa-server-install >+++ b/install/tools/ipa-server-install >@@ -145,10 +145,12 @@ def parse_options(): > help="Don't install allow_all HBAC rule") > basic_group.add_option("--no-ui-redirect", dest="ui_redirect", action="store_false", > default=True, help="Do not automatically redirect to the Web UI") >+ basic_group.add_option("--configure-ssh", dest="conf_ssh", default=False, action="store_true", >+ help="configure OpenSSH client to use SSH features provided by IPA server") > basic_group.add_option("--ssh-trust-dns", dest="trust_sshfp", default=False, action="store_true", > help="configure OpenSSH client to trust DNS SSHFP records") >- basic_group.add_option("--no-sshd", dest="conf_sshd", default=True, action="store_false", >- help="do not configure OpenSSH server") >+ basic_group.add_option("--configure-sshd", dest="conf_sshd", default=False, action="store_true", >+ help="configure OpenSSH server to use SSH features provided by IPA server") > basic_group.add_option("-d", "--debug", dest="debug", action="store_true", > default=False, help="print debugging information") > basic_group.add_option("-U", "--unattended", dest="unattended", action="store_true", >@@ -1053,8 +1055,10 @@ def main(): > args.append("--no-dns-sshfp") > if options.trust_sshfp: > args.append("--ssh-trust-dns") >- if not options.conf_sshd: >- args.append("--no-sshd") >+ if options.conf_ssh: >+ args.append("--configure-ssh") >+ if options.conf_sshd: >+ args.append("--configure-sshd") > run(args) > except Exception, e: > sys.exit("Configuration of client side components failed!\nipa-client-install returned: " + str(e)) >diff --git a/install/tools/man/ipa-replica-install.1 b/install/tools/man/ipa-replica-install.1 >index 1a0f89a410b3409adbc790b114d14fee8e9e1952..9a4055870113748ef10ac2d290938c42135ed668 100644 >--- a/install/tools/man/ipa-replica-install.1 >+++ b/install/tools/man/ipa-replica-install.1 >@@ -54,8 +54,11 @@ Do not automatically redirect to the Web UI. > \fB\-\-ssh\-trust\-dns\fR > Configure OpenSSH client to trust DNS SSHFP records. > .TP >-\fB\-\-no\-sshd\fR >-Do not configure OpenSSH server. >+\fB\-\-configure\-ssh\fR >+Configure OpenSSH client to use SSH features provided by IPA server. This allows the ssh client to look up host keys in IPA. >+.TP >+\fB\-\-configure\-sshd\fR >+Configure OpenSSH server to use SSH features provided by IPA server. This configures sshd to use GSSAPI and to use sssd to look up user's keys in IPA. > .TP > \fB\-\-skip\-conncheck\fR > Skip connection check to remote master >diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1 >index b69c720597df6a578b08514ebccce59c1983c73e..9b1788ed335313da605e448cfad97300cd04ea77 100644 >--- a/install/tools/man/ipa-server-install.1 >+++ b/install/tools/man/ipa-server-install.1 >@@ -63,12 +63,16 @@ Don't install allow_all HBAC rule. This rule lets any user from any host access > \fB\-\-no\-ui\-redirect\fR > Do not automatically redirect to the Web UI. > .TP >+\fB\-\-configure\-ssh\fR >+Configure OpenSSH client to use SSH features provided by IPA server. This allows the ssh client to look up host keys in IPA. >+.TP >+\fB\-\-configure\-sshd\fR >+Configure OpenSSH server to use SSH features provided by IPA server. This config >+ures sshd to use GSSAPI and to use sssd to look up user's keys in IPA. >+.TP > \fB\-\-ssh\-trust\-dns\fR > Configure OpenSSH client to trust DNS SSHFP records. > .TP >-\fB\-\-no\-sshd\fR >-Do not configure OpenSSH server. >-.TP > \fB\-d\fR, \fB\-\-debug\fR > Enable debug logging when more verbose output is needed > .TP >diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install >index 6854581d205d628f9110f71283bffab476f7b115..17981009b728b3318965ab9e2c0220ddce47fdc4 100755 >--- a/ipa-client/ipa-install/ipa-client-install >+++ b/ipa-client/ipa-install/ipa-client-install >@@ -84,10 +84,12 @@ def parse_options(): > basic_group.add_option("--ntp-server", dest="ntp_server", help="ntp server to use") > basic_group.add_option("-N", "--no-ntp", action="store_false", > help="do not configure ntp", default=True, dest="conf_ntp") >+ basic_group.add_option("--configure-ssh", dest="conf_ssh", default=False, action="store_true", >+ help="configure OpenSSH client to use SSH features provided by IPA server") > basic_group.add_option("--ssh-trust-dns", dest="trust_sshfp", default=False, action="store_true", > help="configure OpenSSH client to trust DNS SSHFP records") >- basic_group.add_option("--no-sshd", dest="conf_sshd", default=True, action="store_false", >- help="do not configure OpenSSH server") >+ basic_group.add_option("--configure-sshd", dest="conf_sshd", default=False, action="store_true", >+ help="configure OpenSSH server to use SSH features provided by IPA server") > basic_group.add_option("--no-dns-sshfp", dest="create_sshfp", default=True, action="store_false", > help="do not automatically create DNS SSHFP records") > basic_group.add_option("--noac", dest="no_ac", default=False, action="store_true", >@@ -854,7 +856,7 @@ def configure_ssh(fstore, ssh_dir, options): > ssh_config = os.path.join(ssh_dir, 'ssh_config') > sshd_config = os.path.join(ssh_dir, 'sshd_config') > >- if file_exists(ssh_config): >+ if options.conf_ssh and file_exists(ssh_config): > fstore.backup_file(ssh_config) > > changes = {} >diff --git a/ipa-client/man/ipa-client-install.1 b/ipa-client/man/ipa-client-install.1 >index cf3db2e682febe70fe1e616dbe8b17529d09e973..6e51ee6bffd4f3b24c79462e3b864ec4fabc972b 100644 >--- a/ipa-client/man/ipa-client-install.1 >+++ b/ipa-client/man/ipa-client-install.1 >@@ -68,12 +68,16 @@ Configure ntpd to use this NTP server. > \fB\-N\fR, \fB\-\-no\-ntp\fR > Do not configure or enable NTP. > .TP >+\fB\-\-configure\-ssh\fR >+Configure OpenSSH client to use SSH features provided by IPA server. This allows the ssh client to look up host keys in IPA. >+.TP >+\fB\-\-configure\-sshd\fR >+Configure OpenSSH server to use SSH features provided by IPA server. This config >+ures sshd to use GSSAPI and to use sssd to look up user's keys in IPA. >+.TP > \fB\-\-ssh\-trust\-dns\fR > Configure OpenSSH client to trust DNS SSHFP records. > .TP >-\fB\-\-no\-sshd\fR >-Do not configure OpenSSH server. >-.TP > \fB\-\-no\-dns\-sshfp\fR > Do not automatically create DNS SSHFP records. > .TP >-- >1.7.10.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=586912">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Flags:
mkosek
: review+
Actions:
View
|
Diff
Attachments on
bug 825321
:
586903
| 586912