author | Ben Lipton <blipton@redhat.com> | 2016-07-07 10:28:04 -0400 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2016-08-08 14:24:23 +0200 |
commit | c15ba1f9e8c7d236586d46271fce7c3950b509da (patch) | |
tree | 26ad033efcbd8bc2ba4326e4924e2d426e129541 /freeipa.spec.in | |
parent | bd5746c538a4e1e7f312de7475eaaa4ce6446cc3 (diff) | |
Use existing HostKey config to test sshd
Prevents sshd from producing warning messages on package upgrade because
not all of the default host key files (/etc/ssh/ssh_host_dsa_key,
/etc/ssh/ssh_host_ecdsa_key, /etc/ssh/ssh_host_ed25519_key and
/etc/ssh/ssh_host_rsa_key) are present.
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'freeipa.spec.in')
-rw-r--r-- | freeipa.spec.in | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/freeipa.spec.in b/freeipa.spec.in
index 135e9c980..a9f976d6a 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -1007,17 +1007,21 @@ if [ -f '/etc/ssh/sshd_config' -a $restore -ge 2 ]; then
 /^(AuthorizedKeysCommand(User|RunAs)|PubKeyAgentRunAs)[ \t]/ d
 ' /etc/ssh/sshd_config >/etc/ssh/sshd_config.ipanew
- if /usr/sbin/sshd -t -f /dev/null -o 'AuthorizedKeysCommand=/usr/bin/sss_ssh_authorizedkeys' -o 'AuthorizedKeysCommandUser=nobody'; then
+ # Prevent complaints about missing host keys by using the configured ones
+ tmp_config=$(mktemp sshd_config.XXXXXX)
+ sed -n '/^HostKey[ \t]/ p' /etc/ssh/sshd_config > $tmp_config
+
+ if /usr/sbin/sshd -t -f $tmp_config -o 'AuthorizedKeysCommand=/usr/bin/sss_ssh_authorizedkeys' -o 'AuthorizedKeysCommandUser=nobody'; then
 sed -ri '
 s/^PubKeyAgent (.+) %u$/AuthorizedKeysCommand \1/
 s/^AuthorizedKeysCommand .*$/\0\nAuthorizedKeysCommandUser nobody/
 ' /etc/ssh/sshd_config.ipanew
- elif /usr/sbin/sshd -t -f /dev/null -o 'AuthorizedKeysCommand=/usr/bin/sss_ssh_authorizedkeys' -o 'AuthorizedKeysCommandRunAs=nobody'; then
+ elif /usr/sbin/sshd -t -f $tmp_config -o 'AuthorizedKeysCommand=/usr/bin/sss_ssh_authorizedkeys' -o 'AuthorizedKeysCommandRunAs=nobody'; then
 sed -ri '
 s/^PubKeyAgent (.+) %u$/AuthorizedKeysCommand \1/
 s/^AuthorizedKeysCommand .*$/\0\nAuthorizedKeysCommandRunAs nobody/
 ' /etc/ssh/sshd_config.ipanew
- elif /usr/sbin/sshd -t -f /dev/null -o 'PubKeyAgent=/usr/bin/sss_ssh_authorizedkeys %u' -o 'PubKeyAgentRunAs=nobody'; then
+ elif /usr/sbin/sshd -t -f $tmp_config -o 'PubKeyAgent=/usr/bin/sss_ssh_authorizedkeys %u' -o 'PubKeyAgentRunAs=nobody'; then
 sed -ri '
 s/^AuthorizedKeysCommand (.+)$/PubKeyAgent \1 %u/
 s/^PubKeyAgent .*$/\0\nPubKeyAgentRunAs nobody/ |
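Review bot: `mktemp sshd_config.XXXXXX` is given a bare template, so the file is created in the scriptlet's current working directory rather than the temp directory, and nothing in this hunk removes it; the if/elif chain runs past the end of the hunk, so a cleanup may exist there, but that should be confirmed. The result of mktemp is also never checked and `$tmp_config` is used unquoted: if mktemp fails, the redirect errors out and each `sshd -t -f $tmp_config -o ...` takes `-o` as the config path, so all three probes fail for a reason unrelated to which option sshd supports, and the wrong rewrite branch may be chosen. I would use `tmp_config=$(mktemp --tmpdir sshd_config.XXXXXX)`, skip the probes when that fails, quote `"$tmp_config"` at every use, and add `rm -f "$tmp_config"` after the chain. Separately, sshd_config keywords are case-insensitive, so `/^HostKey[ \t]/` misses lines written as `hostkey` or with leading whitespace, and the warnings this commit removes would return on such hosts.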