953111 – shell syntax in default environment file /etc/sysconfig/sshd

Bug 953111 - shell syntax in default environment file /etc/sysconfig/sshd

Summary: shell syntax in default environment file /etc/sysconfig/sshd

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	openssh
Sub Component:
Version:	18
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Petr Lautrbach
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-04-17 11:51 UTC by Michal Schmidt
Modified:	2013-04-26 00:57 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2013-04-26 00:57:17 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Michal Schmidt 2013-04-17 11:51:13 UTC

Description of problem:
/etc/sysconfig/sshd contains this line:
export SSH_USE_STRONG_RNG=0

The file is used as EnvironmentFile in the systemd unit file sshd.service. systemd environment files are not shell scripts. systemd does not understand the "export" keyword. systemd treats it as an assignment to the key "export SSH_USE_STRONG_RNG", which is an invalid key name, so it's thrown away.

Version-Release number of selected component (if applicable):
openssh-6.1p1-6.fc18.x86_64

How reproducible:
always

Steps to Reproduce:
1. Start sshd.service with the default configuration.
2. xxd /proc/$(pidof sshd)/environ
  
Actual results:
See that SSH_USE_STRONG_RNG is not present in the process's environment.

Expected results:
I actually do not think that setting environment variables is the best way to configure services. I would very much prefer if there were an option called UseStrongRNG somewhere in /etc/ssh/.

Comment 1 Petr Lautrbach 2013-04-17 14:53:51 UTC

good catch, thanks

> Expected results:
> I actually do not think that setting environment variables is the best way
> to configure services. I would very much prefer if there were an option
> called UseStrongRNG somewhere in /etc/ssh/.

The environment variable is used also in ssh client, ssh-keygen, ssh-keysign ... so this kind of configuration is same among all parts of openssh.

Comment 2 Fedora Update System 2013-04-17 15:48:33 UTC

openssh-6.2p1-4.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/openssh-6.2p1-4.fc19

Comment 3 Fedora Update System 2013-04-17 16:19:32 UTC

openssh-6.1p1-7.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/openssh-6.1p1-7.fc18

Comment 4 Fedora Update System 2013-04-18 02:28:35 UTC

Package openssh-6.1p1-7.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing openssh-6.1p1-7.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-5918/openssh-6.1p1-7.fc18
then log in and leave karma (feedback).

Comment 5 Fedora Update System 2013-04-23 03:40:08 UTC

openssh-6.2p1-4.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2013-04-26 00:57:19 UTC

openssh-6.1p1-8.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.