Bug 1105114
Summary: | openssh: keycat from openssh-server in RHEL-6 is distributed as a subpackage openssh-keycat | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Patrik Kis <pkis> |
Component: | preupgrade-assistant-contents | Assignee: | Petr Stodulka <pstodulk> |
Status: | CLOSED ERRATA | QA Contact: | Tereza Cerna <tcerna> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 6.7 | CC: | amahdal, fkluknav, jkurik, ovasik, phracek, pkis, plautrba, pstodulk, ttomecek |
Target Milestone: | rc | Keywords: | Extras |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Enhancement | |
Doc Text: |
Feature: Preupgrade assistant detects openssh-keycat and gives warning about new openssh-keycat package.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2015-02-24 08:39:09 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Patrik Kis
2014-06-05 12:28:39 UTC
Adding Petr to cc... Petr, what do you think? Should we create module for it? If so, I tend to option 2, with medium risk informing user about the package split - so he can install it after upgrade, if keycat was in use on his system. If users followed HOWTO.ssh-keycat, they would be also affected by the change of AuthorizedKeysCommandRunAs from rhel-6 to AuthorizedKeysCommandUser in rhel-7 which is already covered by the content. So I personally would use option 2 - warn users about the change and let them install openssh-keycat package after upgrade, or maybe there can be a check if there's 'AuthorizedKeysCommand /usr/libexec/openssh/ssh-keycat' in the original sshd_config, install openssh-keycat during postupgrade phase. (In reply to Petr Lautrbach from comment #2) > or maybe there can be a > check if there's 'AuthorizedKeysCommand /usr/libexec/openssh/ssh-keycat' in > the original sshd_config, install openssh-keycat during postupgrade phase. IMHO this is a good idea. Why don't automate if we can. And if there is no AuthorizedKeysCommand in sshd_config, we could warn. Although, I don't know where else ssh-keycat can be used. For application of this content you need install openssh-server.. When you have set "AuthorizedKeysCommand /usr/libexec/openssh/ssh-keycat" inside /etc/ssh/sshd_config, openssh-keycat should be installed automatically on rhel-7 system by postupgrade script and content should be marked as "FIXED" with slight risk with message. In other case warning message will be printed with medium risk and openssh-keycat shouldn't be installed on RHEL-7 system. Merged to contents by commit http://git.app.eng.bos.redhat.com/git/preupgrade-assistant-contents.git/commit/?id=103ab330bb75b750182aeb6ec3bd61d79c0465c1 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-0262.html |