Mailinglist Archive: opensuse-bugs (5344 mails)
| < Previous | Next > |
[Bug 281228] /etc/init.d/sshd has hardcoded ssh_host_keys
- From: bugzilla_noreply@xxxxxxxxxx
- Date: Thu, 7 Jun 2007 03:19:37 -0600 (MDT)
- Message-id: <20070607091937.4029ECC782@xxxxxxxxxxxxxxxxxxxxxx>
https://bugzilla.novell.com/show_bug.cgi?id=281228
------- Comment #5 from bugzilla_opensuse@xxxxxxxxxx 2007-06-07 03:19 MST -------
I answer myself:
I created /etc/ssh/sshd_config-TEST, and changed the entrys:
# HostKey for protocol version 1
HostKey /etc/ssh/ssh_host_key--TEST
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key--TEST
HostKey /etc/ssh/ssh_host_dsa_key--TEST
Then I started sshd without creating the keys:
=====================================================
#/usr/sbin/sshd -f /etc/ssh/sshd_config-TEST
Could not load host key: /etc/ssh/ssh_host_key--TEST
Could not load host key: /etc/ssh/ssh_host_rsa_key--TEST
Could not load host key: /etc/ssh/ssh_host_dsa_key--TEST
Disabling protocol version 1. Could not load host key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.
=====================================================
So, the keys must be present.
I would like to see an automatic check in /etc/init.d/sshd, to see wether other
names for the keys should be used.
Of course one could change /etc/init.d/sshd to match the keynames, but what
would happen if there is an update for that script?
And, as Lars said, other keynames are explicitly allowed, so this should be
possible.
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
------- Comment #5 from bugzilla_opensuse@xxxxxxxxxx 2007-06-07 03:19 MST -------
I answer myself:
I created /etc/ssh/sshd_config-TEST, and changed the entrys:
# HostKey for protocol version 1
HostKey /etc/ssh/ssh_host_key--TEST
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key--TEST
HostKey /etc/ssh/ssh_host_dsa_key--TEST
Then I started sshd without creating the keys:
=====================================================
#/usr/sbin/sshd -f /etc/ssh/sshd_config-TEST
Could not load host key: /etc/ssh/ssh_host_key--TEST
Could not load host key: /etc/ssh/ssh_host_rsa_key--TEST
Could not load host key: /etc/ssh/ssh_host_dsa_key--TEST
Disabling protocol version 1. Could not load host key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.
=====================================================
So, the keys must be present.
I would like to see an automatic check in /etc/init.d/sshd, to see wether other
names for the keys should be used.
Of course one could change /etc/init.d/sshd to match the keynames, but what
would happen if there is an update for that script?
And, as Lars said, other keynames are explicitly allowed, so this should be
possible.
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
| < Previous | Next > |