Re: [PATCH 1/1] update error messages about moduli and primes files

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Thanks to Christian Hesse <mail at eworm.de> for fixing a logging bug. The logit() messages are identical in releases 6.6 through 6.9.

Question: Could this patch be backported to older releases as well? Then it would appear in major distributions using 6.6, for example RHEL 7 and CentOS 7, and become helpful to a lot of users.

Furthermore, I would like to add a suggestion for the patch:

We're running an OpenSSH server on CentOS 7.1 (RPM: openssh-6.6.1p1-12.el7_1.x86_64) and we have seen some puzzling warnings (related to the above patch) in the syslog:
  sshd[16815]: WARNING: /etc/ssh/moduli does not exist, using fixed modulus

It turned out that my /etc/ssh/moduli file had gotten an erroneous SELinux security context by mistake. The correct SELinux security context is:
# ls -Z /etc/ssh/moduli
-rw-r--r--. root root unconfined_u:object_r:etc_t:s0   /etc/ssh/moduli

Suggestion: Could you replace the logit() warning message:
  logit("WARNING: neither %s nor %s exists, using fixed modulus",
by a possibly more informative message:
  logit("WARNING: neither %s nor %s can be opened, using fixed modulus",

Thanks,
Ole

--
Ole Holm Nielsen
Department of Physics, Technical University of Denmark
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux