Bug 244492 - /etc/rc.d/sshd: Warn about missing ssh-keygen only when necessary
Status: Open
Alias: None
Product: Base System
Classification: Unclassified
Component: bin
Version: Unspecified
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: freebsd-rc (Nobody)
Keywords: patch
Reported: 2020-02-28 10:33 UTC by Mateusz Piotrowski
Modified: 2020-03-01 22:42 UTC (History)
Attachments
sshd service patch (716 bytes, patch)
2020-02-28 10:33 UTC, Mateusz Piotrowski

Description Mateusz Piotrowski freebsd_committer 2020-02-28 10:33:14 UTC
Created attachment 212017
sshd service patch

The sshd service is using ssh-keygen to generate missing SSH keys. If ssh-keygen is missing, it prints the following message:

> /etc/rc.d/sshd: WARNING: /usr/bin/ssh-keygen does not exist.

It makes sense when the key is not generated yet and cannot be created because ssh-keygen is missing.

The problem is that even if the key is present on the host, the sshd service would still warn about missing ssh-keygen (even though it does not need it).
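
The check ordering described in this report, as an added example that is not part of the original report and is not the attached patch or the code in /etc/rc.d/sshd. The function name `ensure_host_key`, its arguments and the demo directory are hypothetical; the key file name pattern `ssh_host_<alg>_key` is assumed.

```shell
#!/bin/sh
# Added illustration. Names here are hypothetical and are not taken
# from /etc/rc.d/sshd or from the patch attached to this bug.

# ensure_host_key ALG KEYDIR KEYGEN
# Returns 0 if the host key already exists or was generated, non-zero
# if it is missing and cannot be generated. The tool is looked for only
# after the key is found missing, so a host that ships pregenerated
# keys without ssh-keygen produces no warning.
ensure_host_key() {
    alg=$1 keydir=$2 keygen=$3
    keyfile="$keydir/ssh_host_${alg}_key"   # assumed naming pattern

    # Key present: ssh-keygen is not needed, so do not check for it.
    if [ -f "$keyfile" ]; then
        return 0
    fi

    # Key missing: only now does a missing ssh-keygen matter.
    if [ ! -x "$keygen" ]; then
        echo "WARNING: $keygen does not exist." >&2
        return 1
    fi

    # Generate an unencrypted host key of the requested type.
    "$keygen" -q -t "$alg" -f "$keyfile" -N ""
}

# Constructed demo: a temporary directory with one pregenerated
# (empty placeholder) key and no ssh-keygen binary in it.
demo_dir=$(mktemp -d)
: > "$demo_dir/ssh_host_ed25519_key"
for a in ed25519 rsa; do
    ensure_host_key "$a" "$demo_dir" "$demo_dir/ssh-keygen" \
        || echo "$a: key missing and cannot be generated"
done
rm -rf "$demo_dir"
```

In the demo, only the rsa iteration emits the warning, because the ed25519 key already exists.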
Comment 1 Jilles Tjoelker freebsd_committer 2020-02-29 23:00:58 UTC
This looks useful for cloud or other minimal environments. However, pregenerating keys has its own challenges such as keeping them unique.
Comment 2 Mateusz Piotrowski freebsd_committer 2020-03-01 22:42:34 UTC
I posted the patch to Phabricator:
https://reviews.freebsd.org/D23911