From Fedora Project Wiki
(clean up)
 
(8 intermediate revisions by 2 users not shown)
Line 1: Line 1:
= Change/Obsolete slogin and sshd-keygen =
= Change/Remove slogin and sshd-keygen =


== Summary ==
== Summary ==


<code>slogin</code> is symlink to <code>ssh</code>, recently removed by upstream. <code>sshd-keygen</code> is old init script which needed replacement. They are not needed anymore.
<code>slogin</code>, a legacy symlink to <code>ssh</code>, will be removed. <code>sshd-keygen</code>, a legacy Fedora init script, will be removed.


== Owner ==
== Owner ==
Line 22: Line 22:
CLOSED as NEXTRELEASE -> change is completed and verified and will be delivered in next release under development
CLOSED as NEXTRELEASE -> change is completed and verified and will be delivered in next release under development
-->
-->
* Tracker bug: <will be assigned by the Wrangler>
* Tracker bug: [https://bugzilla.redhat.com/show_bug.cgi?id=1359762 #1359762]


== Detailed Description ==
== Detailed Description ==


Slogin symlink to ssh exists for years for compatibility with ancient systems and was recently removed from upstream openssh package. There is no need to hold this symlink downstream. Possible dependent packages need update just in the words of substitution <code>s/slogin/ssh/</code>.
<code>slogin</code> symlink to <code>ssh</code> exists for years for compatibility with ancient systems and was recently removed from upstream <code>openssh</code> install scripts. There is no need to hold this symlink downstream. Possible dependent packages need update just in the words of substitution <code>s/slogin/ssh/</code>.


Sshd-keygen executable is also years obsolete copy from init scripts and does not make use of any systemd features. In F24 new sshd-keygen is used, but for compatibility reasons (anaconda) the old sshd-keygen is still shipped alongside. Applications/services that needs to make sure that ssh host keys are available, should depend on <code>sshd-keygen.target</code> instead of running sshd-keygen manually.
<code>sshd-keygen</code> executable is also years old copy from init scripts and does not make use of any systemd features. In F24 new instantiated <code>sshd-keygen</code> service is used, but for compatibility reasons (anaconda) the old <code>sshd-keygen</code> script is still shipped alongside. Applications/services that needs to make sure that ssh host keys are available, should depend on <code>sshd-keygen.target</code> instead of running <code>sshd-keygen</code> manually.


== Benefit to Fedora ==
== Benefit to Fedora ==
Line 34: Line 34:
We will not diverge from upstream and we will lower maintenance time in <code>slogin</code> case.
We will not diverge from upstream and we will lower maintenance time in <code>slogin</code> case.


Using systemd instantiated service adds more flexibility in control of what keys are generated, instead of troublesome combination of both that was used until Fedora 23.
Using <code>systemd</code> instantiated service adds more flexibility in control of what keys are generated, instead of troublesome combination of both that was used until Fedora 23.
    
    
== Scope ==
== Scope ==
Line 58: Line 58:


== Upgrade/compatibility impact ==
== Upgrade/compatibility impact ==
<!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
 
N/A (not a System Wide Change)
Other packages (Anaconda already in the round) or users might depend on the above mentioned files. The possible dependency on <code>slogin</code> and <code>sshd-keygen</code> files should be updated to <code>ssh</code> and systemd <code>sshd-keygen.target</code> accordingly.


== How To Test ==
== How To Test ==
Line 79: Line 79:
</pre>
</pre>
4. The files are not there
4. The files are not there
 
5. The host keys for <code>sshd</code> should be generated properly both for new installs and when the keys get removed (and <code>sshd</code>service (re)started).
<!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
N/A (not a System Wide Change)  


== User Experience ==
== User Experience ==
Line 109: Line 107:
* sshd-keygen "discussion" bug about moving to systemd: https://bugzilla.redhat.com/show_bug.cgi?id=1331077
* sshd-keygen "discussion" bug about moving to systemd: https://bugzilla.redhat.com/show_bug.cgi?id=1331077
* anaconda bug: https://bugzilla.redhat.com/show_bug.cgi?id=1331753
* anaconda bug: https://bugzilla.redhat.com/show_bug.cgi?id=1331753
<!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
N/A (not a System Wide Change)


== Release Notes ==
== Release Notes ==
Line 120: Line 115:
-->
-->


[[Category:ChangePageIncomplete]]
[[Category:ChangeAcceptedF25]]
<!-- When your change proposal page is completed and ready for review and announcement -->
<!-- When your change proposal page is completed and ready for review and announcement -->
<!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler -->
<!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler -->

Latest revision as of 12:22, 25 July 2016

Change/Remove slogin and sshd-keygen

Summary

slogin, a legacy symlink to ssh, will be removed. sshd-keygen, a legacy Fedora init script, will be removed.

Owner

  • Name: Jakub Jelen
  • Email: jjelen@redhat.com
  • Release notes owner:

Current status

Detailed Description

slogin symlink to ssh exists for years for compatibility with ancient systems and was recently removed from upstream openssh install scripts. There is no need to hold this symlink downstream. Possible dependent packages need update just in the words of substitution s/slogin/ssh/.

sshd-keygen executable is also years old copy from init scripts and does not make use of any systemd features. In F24 new instantiated sshd-keygen service is used, but for compatibility reasons (anaconda) the old sshd-keygen script is still shipped alongside. Applications/services that needs to make sure that ssh host keys are available, should depend on sshd-keygen.target instead of running sshd-keygen manually.

Benefit to Fedora

We will not diverge from upstream and we will lower maintenance time in slogin case.

Using systemd instantiated service adds more flexibility in control of what keys are generated, instead of troublesome combination of both that was used until Fedora 23.

Scope

  • Proposal owners:

Remove the symlink from spec file (revert commit) and remove sshd-keygen from dist-git script (revert sshd-keygen commit).

Package maintainers (anaconda) depending on these files in system should follow description above how to work without sshd-keygen.

  • Other developers: N/A (not a System Wide Change)
  • Release engineering: N/A (not a System Wide Change)
  • Policies and guidelines: N/A (not a System Wide Change)
  • Trademark approval: N/A (not needed for this Change)

Upgrade/compatibility impact

Other packages (Anaconda already in the round) or users might depend on the above mentioned files. The possible dependency on slogin and sshd-keygen files should be updated to ssh and systemd sshd-keygen.target accordingly.

How To Test

Check for existence of files /usr/bin/slogin and /usr/sbin/sshd-keygen on your system. They should not be there.

1. Open terminal (if not open yet)

2. Make sure you have installed openssh-clients and openssh-server packages:

rpm -q openssh-clients openssh-server
openssh-clients-7.*.fc25.x86_64
openssh-server-7.*.fc25.x86_64

3. Check if you have the files in your system:

ls /usr/bin/slogin /usr/sbin/sshd-keygen
ls: cannot access /usr/bin/slogin: No such file or directory
ls: cannot access /usr/sbin/sshd-keygen: No such file or directory

4. The files are not there 5. The host keys for sshd should be generated properly both for new installs and when the keys get removed (and sshdservice (re)started).

User Experience

N/A (not a System Wide Change)

Dependencies

N/A (not a System Wide Change)

Contingency Plan

  • Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
  • Contingency deadline: N/A (not a System Wide Change)
  • Blocks release? N/A (not a System Wide Change), Yes/No

Documentation

Release Notes