NetBSD-Bugs archive
Re: bin/56835: sshd startup script produces very misleading "UNSAFE KEYS" warnings
The following reply was made to PR bin/56835; it has been noted by GNATS.
From: Robert Elz <kre%munnari.OZ.AU@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc:
Subject: Re: bin/56835: sshd startup script produces very misleading "UNSAFE KEYS" warnings
Date: Sun, 15 May 2022 07:48:55 +0700
Date: Sat, 14 May 2022 18:25:01 +0000 (UTC)
From: tgl%sss.pgh.pa.us@localhost
Message-ID: <20220514182501.49BA21A923E%mollari.NetBSD.org@localhost>
No comment here on the need for some change here, but if
something like this patch was to be applied:
|
| Index: sshd
| ===================================================================
| RCS file: /cvsroot/src/etc/rc.d/sshd,v
| retrieving revision 1.31
| diff -u -r1.31 sshd
| --- sshd 26 Sep 2021 10:53:20 -0000 1.31
| +++ sshd 14 May 2022 17:54:16 -0000
| @@ -45,6 +45,7 @@
| (
| keygen="/usr/bin/ssh-keygen"
| umask 022
| + madesomething=no
+ madesomething=false
| while read type bits filename; do
| f="/etc/ssh/$filename"
| if [ "$1" != "force" ] && [ -f "$f" ]; then
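Review bot: the madesomething initialisation sits inside the "(" subshell, so its value does not survive past the closing ")". The test that reads it has to stay inside the parentheses, as the second hunk has it, and not where the old sshd_motd_unsafe_keys_warning call was, after the ")". A one-line comment beside the initialisation saying what the flag records and that it is subshell-local would keep a later edit from moving the test back out.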
| @@ -58,14 +59,17 @@
| esac
| "${keygen}" -t "${type}" ${bitarg} -f "${f}" -N '' -q && \
| printf "ssh-keygen: " && "${keygen}" -f "${f}" -l
| + madesomething=yes
+ madesomething=true
| done << _EOF
| dsa 1024 ssh_host_dsa_key
| ecdsa 521 ssh_host_ecdsa_key
| ed25519 -1 ssh_host_ed25519_key
| rsa 0 ssh_host_rsa_key
| _EOF
| + if [ "$madesomething" = yes ]; then
+ if "$madesomething"; then
| + sshd_motd_unsafe_keys_warning
| + fi
| )
| - sshd_motd_unsafe_keys_warning
| }
|
| sshd_precmd()
|
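Review bot: the madesomething assignment that follows the key-generation command is a separate command, not part of the "&&" chain ending in '"${keygen}" -f "${f}" -l', so the flag is set even when ssh-keygen fails and no key was written. If the warning is meant to appear only when a key was actually generated, chain the assignment onto the key-generation command with "&&", or test its exit status before setting the flag.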
is a better way to code it.