On 07/ 6/10 06:19 PM, Ethan Quach wrote:
On 07/06/10 09:15, Ethan Quach wrote:
On 07/06/10 07:28, Jan Damborsky wrote:
[...]
/lib/svc/method/sshd
--------------------
Since the start method of svc:/network/ssh:default was enhanced to
automatically generate ssh keys in case they don't exist, we no longer
need to take care of this task explicitly:
...
'start')
#
# If host keys don't exist when the service is started, create
# them; sysidconfig is not run in every situation (such as on
# the install media).
#
create_key $SSHDIR/ssh_host_rsa_key rsa
create_key $SSHDIR/ssh_host_dsa_key dsa
/usr/lib/ssh/sshd
;;
...
See also bug 15618.
But what about sys-unconfig? At this time, doesn't zone cloning still
depend on this cleaning out the original zone's ssh keys?
Never mind. I just looked at the code; the removal of the keys
is done in sys-unconfig itself, not the sshd method script.
Yep.
The final goal here is to have that removal mechanism covered by
svc:/network/ssh:default service.
But before we can do this, we need to have appropriate infrastructure
for unconfiguration/reconfiguration in place.
Also, these changes do not affect zones, since zones use their own
installer:
http://src.opensolaris.org/source/xref/pkg/gate/src/brand/pkgcreatezone
In particular, sysid related code:
...
#
# Make sure sysidtools run; we manually poke in the SSH action
# so that we get an SSH key. Yes, this is seriously borken.
# See http://defect.opensolaris.org/bz/show_bug.cgi?id=741
#
printf "$m_more_brokenness\n"
/usr/sbin/sysidconfig -b $ZONEROOT -a /lib/svc/method/sshd
touch $ZONEROOT/etc/.UNCONFIGURED
...
The changes look fine.
Thank you very much for the review!
Jan