Bug 533339
Summary: | Make RSA1/DSA key generation optional | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Daniel Drake <dsd> |
Component: | openssh | Assignee: | Jan F. Chadima <jchadima> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | 12 | CC: | jchadima, mgrepl, tmraz |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-08-27 03:21:53 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Daniel Drake
2009-11-06 08:04:42 UTC
actually, we'd like to eliminate DSA key generation too, just leaving RSA2. Just set AUTOCREATE_SERVER_KEYS=NO in the /etc/sysconfig/ssh and create the RSA key manually in the kickstart. That would result in every XO having the same RSA key. No, you would use the %post installation script in the kickstart to call the ssh-keygen to generate the key on the machine. Or if you distribute already preinstalled images you can generate the key directly in the /etc/sysconfig/ssh file - it is run by shell so you can call anything there. Could do, although seems a bit ugly. Is there no possibility of getting this added in a more official capacity? Well maybe the AUTOCREATE_SERVER_KEYS=RSAONLY might be done to be recognized by the init script. This bug appears to have been reported against 'rawhide' during the Fedora 12 development cycle. Changing version to '12'. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping Thank you. I see this is fixed in F14 with AUTOCREATE_SERVER_KEYS=RSAONLY |