Bug 244492

Summary: /etc/rc.d/sshd: Warn about missing ssh-keygen only when necessary
Product: Base System
Reporter: Mateusz Piotrowski <0mp>
Component: bin
Assignee: freebsd-rc (Nobody) <rc>
Status: Closed FIXED
Severity: Affects Only Me
CC: jilles
Priority: ---
Keywords: patch
Version: Unspecified
Hardware: Any
OS: Any
Attachments: sshd service patch (flags: none)

Description Mateusz Piotrowski freebsd_committer freebsd_triage 2020-02-28 10:33:14 UTC
Created attachment 212017
sshd service patch

The sshd service is using ssh-keygen to generate missing SSH keys. If ssh-keygen is missing, it prints the following message:

> /etc/rc.d/sshd: WARNING: /usr/bin/ssh-keygen does not exist.

It makes sense when the key is not generated yet and cannot be created because ssh-keygen is missing.

The problem is that even if the key is present on the host, the sshd service would still warn about missing ssh-keygen (even though it does not need it).

Comment 1 Jilles Tjoelker freebsd_committer freebsd_triage 2020-02-29 23:00:58 UTC
This looks useful for cloud or other minimal environments. However, pregenerating keys has its own challenges such as keeping them unique.

Comment 2 Mateusz Piotrowski freebsd_committer freebsd_triage 2020-03-01 22:42:34 UTC
I posted the patch to Phabricator:
https://reviews.freebsd.org/D23911

Comment 3 Mark Linimon freebsd_committer freebsd_triage 2020-08-15 05:00:29 UTC
^Triage: committed via D23911 as rS359973 20200415.
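
The check order requested in the description, as an added shell sketch; it is not the FreeBSD /etc/rc.d/sshd script or the attached patch. KEYGEN, KEYDIR, HOST_KEY_ALGS and both function names are assumptions, chosen so the logic can be exercised against a scratch directory.

```sh
#!/bin/sh
# Added illustration; not /etc/rc.d/sshd and not attachment 212017.
# KEYGEN, KEYDIR and HOST_KEY_ALGS are hypothetical knobs for this sketch.
: "${KEYGEN:=/usr/bin/ssh-keygen}"
: "${KEYDIR:=/etc/ssh}"
: "${HOST_KEY_ALGS:=rsa ecdsa ed25519}"

# ensure_host_key ALG
#   0: key already present or freshly generated
#   1: key missing and it could not be generated
ensure_host_key() {
    alg=$1
    keyfile="${KEYDIR}/ssh_host_${alg}_key"

    # Key on disk: ssh-keygen is not needed, so its absence is not reported.
    if [ -f "$keyfile" ]; then
        return 0
    fi

    # Key missing: this is the only case where ssh-keygen is required.
    if [ ! -x "$KEYGEN" ]; then
        echo "WARNING: $KEYGEN does not exist." >&2
        return 1
    fi

    "$KEYGEN" -q -t "$alg" -f "$keyfile" -N "" || return 1
    return 0
}

# Walk every configured algorithm; fail if any key is still missing.
ensure_all_host_keys() {
    rc=0
    for alg_name in $HOST_KEY_ALGS; do
        ensure_host_key "$alg_name" || rc=1
    done
    return "$rc"
}
```

On an image that ships host keys but no ssh-keygen, `ensure_all_host_keys` returns 0 and prints nothing; the warning appears only for an algorithm whose key file is absent.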