Bug 235466

Summary: sshd init.d script should allow override of server key creation
Product: [Fedora] Fedora Reporter: James Ralston <ralston>
Component: opensshAssignee: Tomas Mraz <tmraz>
Status: CLOSED RAWHIDE QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: mattdm
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: openssh-4.5p1-8.fc8 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-08-09 18:39:54 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
add support for NO_AUTOCREATE_SERVER_KEYS setting
none
add support for overriding autocreation of HostKeys none

Description James Ralston 2007-04-05 22:17:39 UTC 
(I am filing this bug against FC7test3, but it applies to all versions of FC and
RHEL.)

Currently, /etc/rc.d/init.d/sshd unconditionally creates any server keys which
are missing:

/etc/ssh/ssh_host_key
/etc/ssh/ssh_host_rsa_key
/etc/ssh/ssh_host_dsa_key

This is irritating, because we define specific (and limited) HostKeys in
/etc/ssh/sshd_config, and don't want the extra HostKeys lying around.

This patch will make it so that setting NO_AUTOCREATE_SERVER_KEYS to NO in
/etc/sysconfig/sshd will cause the sshd init.d file not to automatically create
HostKeys.
Comment 1 James Ralston 2007-04-05 22:17:39 UTC 
Created attachment 151814 [details]
add support for NO_AUTOCREATE_SERVER_KEYS setting
Comment 2 James Ralston 2007-04-05 22:22:13 UTC 
Created attachment 151815 [details]
add support for overriding autocreation of HostKeys

Actually, I just realized that variable is poorly named, as setting it requires
a double negative.  Simply AUTOCREATE_SERVER_KEYS is better.
Comment 3 Matthew Miller 2007-04-10 16:27:12 UTC 
Fedora 7 test bugs should be filed against "devel", not against test1/2/3. This
isn't obvious, I know. Moving this report so it isn't lost.

This is a bulk message -- I apologize if this was actually meant to be targeted
against a different release. If so, please fix or let me know. Thanks.