Mailinglist Archive: opensuse-bugs (5344 mails)
[Bug 281228] New: /etc/init.d/sshd has hardcoded ssh_host_keys
- From: bugzilla_noreply@xxxxxxxxxx
- Date: Tue, 5 Jun 2007 17:27:29 -0600 (MDT)
- Message-id: <bug-281228-21960@xxxxxxxxxxxxxxxxxxxxxxxxx/>
https://bugzilla.novell.com/show_bug.cgi?id=281228
Summary: /etc/init.d/sshd has hardcoded ssh_host_keys
Product: openSUSE 10.2
Version: Final
Platform: All
OS/Version: openSUSE 10.2
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Network
AssignedTo: anicka@xxxxxxxxxx
ReportedBy: lrupp@xxxxxxxxxx
QAContact: qa@xxxxxxx
/etc/init.d/sshd contains:
case "$1" in
    start)
        if ! test -f /etc/ssh/ssh_host_key ; then
            echo Generating /etc/ssh/ssh_host_key.
            ssh-keygen -t rsa1 -b 1024 -f /etc/ssh/ssh_host_key -N ''
        fi
        [...]
But as described in /etc/ssh/sshd_config :
HostKey /etc/ssh/ssh_host_key
The hostkey is a config option and can be changed by the user.
So the init script should first check the config file and afterwards create
and/or use the correct hostkey as described in the config and no hardcoded
keyfile. Using a fallback is no problem here, but generating the files even if
the user has decided to use other names for them is irritating.
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
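
Added example, not part of the original report or of the openSUSE init script: one way an init script could read the HostKey directives from sshd_config and generate only the keys that are configured and missing, with the hardcoded path kept as a fallback. The function names, the KEYGEN override and the file-name-to-key-type mapping are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: take host key paths from sshd_config instead of hardcoding them.
# Function names, DEFAULT_HOST_KEY and KEYGEN are assumptions of this sketch.
DEFAULT_HOST_KEY=/etc/ssh/ssh_host_key   # fallback: the path named in the report
KEYGEN=${KEYGEN:-ssh-keygen}             # overridable so the logic can be tested

# Print one path per active HostKey line in the config file $1.
# Keywords are matched case-insensitively, "keyword=value" is accepted and
# commented-out lines are ignored. Quoted paths are not handled.
# Falls back to DEFAULT_HOST_KEY when no HostKey is set or the file is unreadable.
configured_host_keys() {
    keys=$(awk '{
        sub(/^[ \t]+/, "")
        split($0, f, /[ \t=]+/)
        if (tolower(f[1]) == "hostkey" && f[2] != "") print f[2]
    }' "$1" 2>/dev/null)
    [ -n "$keys" ] || keys=$DEFAULT_HOST_KEY
    printf '%s\n' "$keys"
}

# Infer the ssh-keygen -t value from the file name (naming convention assumed).
key_type_for() {
    case "$1" in
        *ed25519*) echo ed25519 ;;
        *ecdsa*)   echo ecdsa ;;
        *rsa*)     echo rsa ;;
        # Legacy protocol 1 type used by the reported script; current
        # OpenSSH releases no longer accept it.
        *)         echo rsa1 ;;
    esac
}

# Generate only the keys the config names and that do not exist yet.
ensure_host_keys() {
    for key in $(configured_host_keys "$1"); do
        [ -f "$key" ] && continue
        echo "Generating $key."
        "$KEYGEN" -q -t "$(key_type_for "$key")" -f "$key" -N '' || return 1
    done
}

# In the start) branch of an init script:
#   ensure_host_keys /etc/ssh/sshd_config
```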