Re: [HEADS UP] OpenSSH with updated sshd-keygen in Rawhide (and F24) (#1325535)

On 04/13/2016 02:37 PM, Jakub Jelen wrote:
Hi devels,
after a few iterations with the systemd people, we managed to put together a new (instantiated by key) sshd-keygen service complying with the packaging guidelines and improving usability [1]. It is currently built for Rawhide [2].

I understand it is not quite a good time, but it would be great to push this into Fedora 24 as well, so we would not have to wait another release cycle to test it properly. Let me know if you have any concerns about updating the F24 package in this phase, check the frequently asked questions below, or answer this email.


Q&A session:

What even is the sshd-keygen service?
* It is a one-shot service running during first boot, before the sshd server starts. It takes care of generating host keys, and it can also create new host keys for you if you are interested in a new set.

What was wrong with the old version?
* It was basically an init.d script moved into /sbin/

What is better in the new one?
* If you want to configure generation of different keys than the default set, you need to do that in three places:
   * Modify AUTOCREATE_SERVER_KEYS in /etc/sysconfig/sshd
   * Modify /etc/systemd/system/sshd-keygen.service to trigger the script
   * systemctl daemon-reload
* With the new version, it should be possible to enable/disable key type generation simply using
   * systemctl enable sshd-keygen@dsa.service

What are the changes to existing systems?
* Default installations should not notice any difference
* If you modified AUTOCREATE_SERVER_KEYS, you need to do the appropriate enable/disable for the key you are interested in.
* New installations should create default keys as before.

Fedora 23?
* No, this change will not go into Fedora 23 to "break" existing setups.

If you have some more questions, add your own. Comments are also welcome.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1325535
[2] http://koji.fedoraproject.org/koji/taskinfo?taskID=13645383
Fedora 24 update:
https://bodhi.fedoraproject.org/updates/FEDORA-2016-965bd6926e

I would love to see some testing. Existing setups and related test cases would be appreciated.

Kind regards,

--
Jakub Jelen
Associate Software Engineer
Security Technologies
Red Hat
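
An added example, not part of the original mail or of the openssh package: a dry-run helper that turns an old AUTOCREATE_SERVER_KEYS value into the per-key-type enable/disable commands the mail describes. It assumes the value is a space-separated list of key type names and that instances exist for rsa, dsa, ecdsa and ed25519; only the dsa instance name appears in the mail.

```sh
#!/bin/sh
# Added example: print (do not run) the systemctl commands that reproduce an
# old AUTOCREATE_SERVER_KEYS setting with sshd-keygen@<type>.service instances.
# Assumption: the value is a space-separated list such as "RSA ECDSA ED25519".

KNOWN_TYPES="rsa dsa ecdsa ed25519"   # assumed set of instance names

# plan_keygen_units "<AUTOCREATE_SERVER_KEYS value>"
# Prints one systemctl command per known key type. Returns 1 if the value
# names a type without a matching instance, so a typo is not silently dropped.
plan_keygen_units() {
    # Lower-case the value and squeeze all whitespace to single spaces.
    wanted=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr -s '[:space:]' ' ')
    rc=0
    for w in $wanted; do
        case " $KNOWN_TYPES " in
            *" $w "*) ;;
            *) echo "unknown key type: $w" >&2; rc=1 ;;
        esac
    done
    for t in $KNOWN_TYPES; do
        case " $wanted " in
            *" $t "*) echo "systemctl enable sshd-keygen@$t.service" ;;
            *)        echo "systemctl disable sshd-keygen@$t.service" ;;
        esac
    done
    return $rc
}

# Constructed sample value; on a real host take it from /etc/sysconfig/sshd.
plan_keygen_units "RSA ED25519"
```

Review the printed commands before running them as root, then compare the files under /etc/ssh/ after the next key generation with the set you expect.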