From Fedora Project Wiki
 
Line 22: Line 22:
CLOSED as NEXTRELEASE -> change is completed and verified and will be delivered in next release under development
CLOSED as NEXTRELEASE -> change is completed and verified and will be delivered in next release under development
-->
-->
* Tracker bug: <will be assigned by the Wrangler>
* Tracker bug: [https://bugzilla.redhat.com/show_bug.cgi?id=1359762 #1359762]


== Detailed Description ==
== Detailed Description ==

Latest revision as of 12:22, 25 July 2016

Change/Remove slogin and sshd-keygen

Summary

slogin, a legacy symlink to ssh, will be removed. sshd-keygen, a legacy Fedora init script, will be removed.

Owner

  • Name: Jakub Jelen
  • Email: jjelen@redhat.com
  • Release notes owner:

Current status

Detailed Description

slogin symlink to ssh exists for years for compatibility with ancient systems and was recently removed from upstream openssh install scripts. There is no need to hold this symlink downstream. Possible dependent packages need update just in the words of substitution s/slogin/ssh/.

sshd-keygen executable is also years old copy from init scripts and does not make use of any systemd features. In F24 new instantiated sshd-keygen service is used, but for compatibility reasons (anaconda) the old sshd-keygen script is still shipped alongside. Applications/services that needs to make sure that ssh host keys are available, should depend on sshd-keygen.target instead of running sshd-keygen manually.

Benefit to Fedora

We will not diverge from upstream and we will lower maintenance time in slogin case.

Using systemd instantiated service adds more flexibility in control of what keys are generated, instead of troublesome combination of both that was used until Fedora 23.

Scope

  • Proposal owners:

Remove the symlink from spec file (revert commit) and remove sshd-keygen from dist-git script (revert sshd-keygen commit).

Package maintainers (anaconda) depending on these files in system should follow description above how to work without sshd-keygen.

  • Other developers: N/A (not a System Wide Change)
  • Release engineering: N/A (not a System Wide Change)
  • Policies and guidelines: N/A (not a System Wide Change)
  • Trademark approval: N/A (not needed for this Change)

Upgrade/compatibility impact

Other packages (Anaconda already in the round) or users might depend on the above mentioned files. The possible dependency on slogin and sshd-keygen files should be updated to ssh and systemd sshd-keygen.target accordingly.

How To Test

Check for existence of files /usr/bin/slogin and /usr/sbin/sshd-keygen on your system. They should not be there.

1. Open terminal (if not open yet)

2. Make sure you have installed openssh-clients and openssh-server packages:

rpm -q openssh-clients openssh-server
openssh-clients-7.*.fc25.x86_64
openssh-server-7.*.fc25.x86_64

3. Check if you have the files in your system:

ls /usr/bin/slogin /usr/sbin/sshd-keygen
ls: cannot access /usr/bin/slogin: No such file or directory
ls: cannot access /usr/sbin/sshd-keygen: No such file or directory

4. The files are not there 5. The host keys for sshd should be generated properly both for new installs and when the keys get removed (and sshdservice (re)started).

User Experience

N/A (not a System Wide Change)

Dependencies

N/A (not a System Wide Change)

Contingency Plan

  • Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
  • Contingency deadline: N/A (not a System Wide Change)
  • Blocks release? N/A (not a System Wide Change), Yes/No

Documentation

Release Notes