Package: xen-tools
Version: 4.2-1
Severity: normal
Tags: patch

the hook /usr/lib/xen-tools/debian.d/70-install-ssh needlessly generates ssh
keys which could be left to the ssh package postinst itself. 

if another earlier hook installs openssh-server, the openssh-server itself
successfully creates ssh keys, and then 70-install-ssh asks whether to override
the existing key:

  Running hook 70-install-ssh
  Generating public/private rsa key pair.
  /tmp/KAoh4H3_UK/etc/ssh/ssh_host_rsa_key already exists.
  Overwrite (y/n)? Generating public/private dsa key pair.
  /tmp/KAoh4H3_UK/etc/ssh/ssh_host_dsa_key already exists.

but it only asks in the *log* file, so unless the user is watching the logs,
they won't know that it's waiting for the user to interact... and so it can
seem like it's stalled indefinitely on the "Running hooks" phase.

this patch removes direct calls to ssh-keygen, as the openssh-server package is
perfectly capable of generating host keys for itself:

--- 70-install-ssh.orig 2010-12-15 16:18:37.000000000 -0800
+++ 70-install-ssh      2010-12-15 16:35:15.000000000 -0800
@@ -27,31 +27,6 @@
 logMessage Script $0 starting

 #
-#  Since our guests doesn't have an RNG, generate the keys from the host
-#
-#  First, create an ssh directory
-#
-mkdir -p ${prefix}/etc/ssh
-
-#
-#  Second, Generate the Host RSA Key
-#
-if ssh-keygen -t rsa -N "" -f ${prefix}/etc/ssh/ssh_host_rsa_key -C 
"r...@${hostname}"; then
-    logMessage "successfully generetaged Host RSA"
-else
-    logMessage "failed to generate Host RSA Key"
-fi
-
-#
-#  Third, Generate the Host DSA Key
-#
-if ssh-keygen -t dsa -N "" -f ${prefix}/etc/ssh/ssh_host_dsa_key -C 
"r...@${hostname}"; then
-    logMessage "successfully generetaged Host DSA"
-else
-    logMessage "failed to generate Host DSA Key"
-fi
-
-#
 #  Install ssh
 #
 installDebianPackage ${prefix} openssh-server
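
Review bot: with both ssh-keygen blocks removed, the hook no longer logs whether host keys exist, because the logMessage success and failure lines go away with them and nothing after installDebianPackage ${prefix} openssh-server checks the result. Consider testing for ${prefix}/etc/ssh/ssh_host_rsa_key and ${prefix}/etc/ssh/ssh_host_dsa_key after the install and calling logMessage if either is missing, so a guest built without host keys shows up in the log. The removed comment also recorded the original rationale (no RNG in the guest); a short replacement comment saying key generation is left to the openssh-server postinst would keep that decision documented in the script.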


from the comments, it seems the rationale for doing this is that there's no
random number generator available, but that didn't seem to be the case as far
as i could tell.

live well,
  vagrant


