Bug 235466 - sshd init.d script should allow override of server key creation
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: openssh
Version: rawhide
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Tomas Mraz
Brian Brock
Reported: 2007-04-05 18:17 EDT by James Ralston
Modified: 2007-11-30 17:12 EST (History)
Fixed In Version: openssh-4.5p1-8.fc8
Doc Type: Bug Fix
Last Closed: 2007-08-09 14:39:54 EDT

Attachments
add support for NO_AUTOCREATE_SERVER_KEYS setting (439 bytes, patch)
2007-04-05 18:17 EDT, James Ralston
add support for overriding autocreation of HostKeys (436 bytes, patch)
2007-04-05 18:22 EDT, James Ralston

Description James Ralston 2007-04-05 18:17:39 EDT
(I am filing this bug against FC7test3, but it applies to all versions of FC and
RHEL.)

Currently, /etc/rc.d/init.d/sshd unconditionally creates any server keys which
are missing:

/etc/ssh/ssh_host_key
/etc/ssh/ssh_host_rsa_key
/etc/ssh/ssh_host_dsa_key

This is irritating, because we define specific (and limited) HostKeys in
/etc/ssh/sshd_config, and don't want the extra HostKeys lying around.

This patch will make it so that setting NO_AUTOCREATE_SERVER_KEYS to NO in
/etc/sysconfig/sshd will cause the sshd init.d file not to automatically create
HostKeys.
Comment 1 James Ralston 2007-04-05 18:17:39 EDT
Created attachment 151814
add support for NO_AUTOCREATE_SERVER_KEYS setting
Comment 2 James Ralston 2007-04-05 18:22:13 EDT
Created attachment 151815
add support for overriding autocreation of HostKeys

Actually, I just realized that variable is poorly named, as setting it requires
a double negative.  Simply AUTOCREATE_SERVER_KEYS is better.
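
The override discussed in the description and in Comment 2, as an added dry-run sketch; it is not the attached patch or Fedora's init script. It assumes that AUTOCREATE_SERVER_KEYS=NO in the sysconfig file disables key creation, and the function names are hypothetical. It also lists host keys that no HostKey directive references, the leftover files the report objects to.

```shell
#!/bin/sh
# Added illustration; not the attached patch and not Fedora's init script.
# Assumption: AUTOCREATE_SERVER_KEYS=NO in the sysconfig file disables key
# creation; any other value, or no file at all, keeps the old behaviour.

# Host key files named in the report.
DEFAULT_KEYS="ssh_host_key ssh_host_rsa_key ssh_host_dsa_key"

# autocreate_enabled SYSCONFIG -> status 0 if missing keys may be created.
# The file is sourced in a subshell so its variables do not leak out.
autocreate_enabled() {
    (
        AUTOCREATE_SERVER_KEYS=
        [ -r "$1" ] && . "$1"
        [ "x$AUTOCREATE_SERVER_KEYS" != "xNO" ]
    )
}

# keys_to_create SYSCONFIG KEY_DIR -> prints the key paths the init script
# would generate (missing or empty files); prints nothing when disabled.
keys_to_create() {
    autocreate_enabled "$1" || return 0
    for k in $DEFAULT_KEYS; do
        [ -s "$2/$k" ] || printf '%s\n' "$2/$k"
    done
}

# unreferenced_keys SSHD_CONFIG KEY_DIR -> prints private host key files in
# KEY_DIR that no active (uncommented) HostKey directive points at.
unreferenced_keys() {
    for f in "$2"/ssh_host_*key; do
        [ -e "$f" ] || continue
        awk -v f="$f" 'tolower($1) == "hostkey" && $2 == f { hit = 1 }
                       END { exit !hit }' "$1" || printf '%s\n' "$f"
    done
}

# Constructed demo in a scratch directory; nothing under /etc is touched.
demo=$(mktemp -d)
printf 'HostKey %s/ssh_host_rsa_key\n' "$demo" > "$demo/sshd_config"
: > "$demo/sysconfig"                         # setting absent: old behaviour
echo placeholder > "$demo/ssh_host_rsa_key"   # the one key the site wants
keys_to_create "$demo/sysconfig" "$demo"      # lists the rsa1 and dsa paths
echo 'AUTOCREATE_SERVER_KEYS=NO' > "$demo/sysconfig"
keys_to_create "$demo/sysconfig" "$demo"      # lists nothing
rm -rf "$demo"
```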
Comment 3 Matthew Miller 2007-04-10 12:27:12 EDT
Fedora 7 test bugs should be filed against "devel", not against test1/2/3. This
isn't obvious, I know. Moving this report so it isn't lost.

This is a bulk message -- I apologize if this was actually meant to be targeted
against a different release. If so, please fix or let me know. Thanks.
