NetBSD-Bugs archive


Re: bin/56835: sshd startup script produces very misleading "UNSAFE KEYS" warnings



The following reply was made to PR bin/56835; it has been noted by GNATS.

From: Robert Elz <kre%munnari.OZ.AU@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: 
Subject: Re: bin/56835: sshd startup script produces very misleading "UNSAFE KEYS" warnings
Date: Sun, 15 May 2022 07:48:55 +0700

     Date:        Sat, 14 May 2022 18:25:01 +0000 (UTC)
     From:        tgl%sss.pgh.pa.us@localhost
     Message-ID:  <20220514182501.49BA21A923E%mollari.NetBSD.org@localhost>
 
 No comment here on the need for some change here, but if
 something like this patch was to be applied:
 
   |
   | Index: sshd
   | ===================================================================
   | RCS file: /cvsroot/src/etc/rc.d/sshd,v
   | retrieving revision 1.31
   | diff -u -r1.31 sshd
   | --- sshd        26 Sep 2021 10:53:20 -0000      1.31
   | +++ sshd        14 May 2022 17:54:16 -0000
   | @@ -45,6 +45,7 @@
   |  (
   |         keygen="/usr/bin/ssh-keygen"
   |         umask 022
   | +       madesomething=no
 +       madesomething=false
   |         while read type bits filename;  do
   |                 f="/etc/ssh/$filename"
   |                 if [ "$1" != "force" ] && [ -f "$f" ]; then
   | @@ -58,14 +59,17 @@
   |                 esac
   |                 "${keygen}" -t "${type}" ${bitarg} -f "${f}" -N '' -q && \
   |                     printf "ssh-keygen: " && "${keygen}" -f "${f}" -l
   | +               madesomething=yes
 +               madesomething=true
   |         done << _EOF
   |  dsa    1024    ssh_host_dsa_key
   |  ecdsa  521     ssh_host_ecdsa_key
   |  ed25519        -1      ssh_host_ed25519_key
   |  rsa    0       ssh_host_rsa_key
   |  _EOF
   | +       if [ "$madesomething" = yes ]; then
 +       if "$madesomething"; then
   | +           sshd_motd_unsafe_keys_warning
   | +       fi
   |  )
   | -       sshd_motd_unsafe_keys_warning
   |  }
   |  
   |  sshd_precmd()
   |
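
Review bot: in the second hunk, `madesomething=yes` sits on its own line after the `"${keygen}" ... -q && printf ... && "${keygen}" -f "${f}" -l` chain, so it is set whether or not key generation succeeded, and sshd_motd_unsafe_keys_warning then runs even if no key was written. Attach the assignment to the success of the generating `"${keygen}" -t` call (or test its exit status) so the flag reflects a key that was actually created. The same placement applies to the `madesomething=true` variant; that form also executes the variable's value in `if "$madesomething"`, which is safe only while the assignments stay limited to `true` and `false`.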
 
 is a better way to code it.
 

