235466 – sshd init.d script should allow override of server key creation

Bug 235466 - sshd init.d script should allow override of server key creation

Summary: sshd init.d script should allow override of server key creation

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	openssh
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Tomas Mraz
QA Contact:	Brian Brock
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2007-04-05 22:17 UTC by James Ralston
Modified:	2007-11-30 22:12 UTC (History)
CC List:	1 user (show)
Fixed In Version:	openssh-4.5p1-8.fc8
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2007-08-09 18:39:54 UTC
Type:	---
Dependent Products:

Attachments	(Terms of Use)
add support for NO_AUTOCREATE_SERVER_KEYS setting (439 bytes, patch) 2007-04-05 22:17 UTC, James Ralston	no flags	Details \| Diff
add support for overriding autocreation of HostKeys (436 bytes, patch) 2007-04-05 22:22 UTC, James Ralston	no flags	Details \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Description James Ralston 2007-04-05 22:17:39 UTC

(I am filing this bug against FC7test3, but it applies to all versions of FC and
RHEL.)

Currently, /etc/rc.d/init.d/sshd unconditionally creates any server keys which
are missing:

/etc/ssh/ssh_host_key
/etc/ssh/ssh_host_rsa_key
/etc/ssh/ssh_host_dsa_key

This is irritating, because we define specific (and limited) HostKeys in
/etc/ssh/sshd_config, and don't want the extra HostKeys lying around.

This patch will make it so that setting NO_AUTOCREATE_SERVER_KEYS to NO in
/etc/sysconfig/sshd will cause the sshd init.d file not to automatically create
HostKeys.

Comment 1 James Ralston 2007-04-05 22:17:39 UTC

Created attachment 151814 [details]
add support for NO_AUTOCREATE_SERVER_KEYS setting

Comment 2 James Ralston 2007-04-05 22:22:13 UTC

Created attachment 151815 [details]
add support for overriding autocreation of HostKeys

Actually, I just realized that variable is poorly named, as setting it requires
a double negative.  Simply AUTOCREATE_SERVER_KEYS is better.

Comment 3 Matthew Miller 2007-04-10 16:27:12 UTC

Fedora 7 test bugs should be filed against "devel", not against test1/2/3. This
isn't obvious, I know. Moving this report so it isn't lost.

This is a bulk message -- I apologize if this was actually meant to be targeted
against a different release. If so, please fix or let me know. Thanks.

Note You need to log in before you can comment on or make changes to this bug.