authorBen Lipton <blipton@redhat.com>2016-07-07 10:28:04 -0400
committerMartin Basti <mbasti@redhat.com>2016-08-08 14:24:23 +0200
commitc15ba1f9e8c7d236586d46271fce7c3950b509da (patch)
tree26ad033efcbd8bc2ba4326e4924e2d426e129541 /freeipa.spec.in
parentbd5746c538a4e1e7f312de7475eaaa4ce6446cc3 (diff)
Use existing HostKey config to test sshd
Prevents sshd from producing warning messages on package upgrade because not all of the default host key files (/etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key, /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key) are present. Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'freeipa.spec.in')
-rw-r--r--freeipa.spec.in10
1 files changed, 7 insertions, 3 deletions
diff --git a/freeipa.spec.in b/freeipa.spec.in
index 135e9c980..a9f976d6a 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -1007,17 +1007,21 @@ if [ -f '/etc/ssh/sshd_config' -a $restore -ge 2 ]; then
/^(AuthorizedKeysCommand(User|RunAs)|PubKeyAgentRunAs)[ \t]/ d
' /etc/ssh/sshd_config >/etc/ssh/sshd_config.ipanew
- if /usr/sbin/sshd -t -f /dev/null -o 'AuthorizedKeysCommand=/usr/bin/sss_ssh_authorizedkeys' -o 'AuthorizedKeysCommandUser=nobody'; then
+ # Prevent complaints about missing host keys by using the configured ones
+ tmp_config=$(mktemp sshd_config.XXXXXX)
+ sed -n '/^HostKey[ \t]/ p' /etc/ssh/sshd_config > $tmp_config
+
+ if /usr/sbin/sshd -t -f $tmp_config -o 'AuthorizedKeysCommand=/usr/bin/sss_ssh_authorizedkeys' -o 'AuthorizedKeysCommandUser=nobody'; then
sed -ri '
s/^PubKeyAgent (.+) %u$/AuthorizedKeysCommand \1/
s/^AuthorizedKeysCommand .*$/\0\nAuthorizedKeysCommandUser nobody/
' /etc/ssh/sshd_config.ipanew
- elif /usr/sbin/sshd -t -f /dev/null -o 'AuthorizedKeysCommand=/usr/bin/sss_ssh_authorizedkeys' -o 'AuthorizedKeysCommandRunAs=nobody'; then
+ elif /usr/sbin/sshd -t -f $tmp_config -o 'AuthorizedKeysCommand=/usr/bin/sss_ssh_authorizedkeys' -o 'AuthorizedKeysCommandRunAs=nobody'; then
sed -ri '
s/^PubKeyAgent (.+) %u$/AuthorizedKeysCommand \1/
s/^AuthorizedKeysCommand .*$/\0\nAuthorizedKeysCommandRunAs nobody/
' /etc/ssh/sshd_config.ipanew
- elif /usr/sbin/sshd -t -f /dev/null -o 'PubKeyAgent=/usr/bin/sss_ssh_authorizedkeys %u' -o 'PubKeyAgentRunAs=nobody'; then
+ elif /usr/sbin/sshd -t -f $tmp_config -o 'PubKeyAgent=/usr/bin/sss_ssh_authorizedkeys %u' -o 'PubKeyAgentRunAs=nobody'; then
sed -ri '
s/^AuthorizedKeysCommand (.+)$/PubKeyAgent \1 %u/
s/^PubKeyAgent .*$/\0\nPubKeyAgentRunAs nobody/
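Review bot: The file created by `tmp_config=$(mktemp sshd_config.XXXXXX)` is never removed by any of the seven lines this commit adds, and because the template has no directory part, mktemp creates it in the scriptlet's current working directory rather than the system temp directory, so each upgrade presumably leaves a stray `sshd_config.XXXXXX` behind. The mktemp result is also unchecked and `$tmp_config` is unquoted at every use; if mktemp fails, the redirect errors out and `sshd -t -f $tmp_config -o ...` takes `-o` as the config path, so all three probes fail for a reason unrelated to the option being tested. I would write `tmp_config=$(mktemp --tmpdir sshd_config.XXXXXX)` and skip the probes when it fails, quote `"$tmp_config"` in the `sed` redirect and the three `sshd -t` calls, and add `rm -f -- "$tmp_config"` once the chain is finished. The if/elif chain continues past the end of this hunk, so the cleanup line belongs after the closing `fi`, which is not shown here.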