Bug 244492 - /etc/rc.d/sshd: Warn about missing ssh-keygen only when necessary
Summary: /etc/rc.d/sshd: Warn about missing ssh-keygen only when necessary
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: bin (show other bugs)
Version: Unspecified
Hardware: Any Any
: --- Affects Only Me
Assignee: freebsd-rc (Nobody)
URL:
Keywords: patch
Depends on:
Blocks:
 
Reported: 2020-02-28 10:33 UTC by Mateusz Piotrowski
Modified: 2020-08-15 05:00 UTC (History)
1 user (show)

See Also:

Attachments
sshd service patch (716 bytes, patch)
2020-02-28 10:33 UTC, Mateusz Piotrowski 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Mateusz Piotrowski freebsd_committer freebsd_triage 2020-02-28 10:33:14 UTC 
Created attachment 212017 [details]
sshd service patch

The sshd service is using ssh-keygen to generate missing SSH keys. If ssh-keygen is missing, it prints the following message:

> /etc/rc.d/sshd: WARNING: /usr/bin/ssh-keygen does not exist.

It makes sense when the key is not generated yet and cannot be created because ssh-keygen is missing.

The problem is that even if the key is present on the host, the sshd service would still warn about missing ssh-keygen (even though it does not need it).
Comment 1 Jilles Tjoelker freebsd_committer freebsd_triage 2020-02-29 23:00:58 UTC 
This looks useful for cloud or other minimal environments. However, pregenerating keys has its own challenges such as keeping them unique.
Comment 2 Mateusz Piotrowski freebsd_committer freebsd_triage 2020-03-01 22:42:34 UTC 
I posted the patch to Phabricator:
https://reviews.freebsd.org/D23911
Comment 3 Mark Linimon freebsd_committer freebsd_triage 2020-08-15 05:00:29 UTC 
^Triage: committed via D23911 as rS359973 20200415.