m (Jjelen moved page Changes/Obsolete slogin and sshd-keygen to Changes/Remove slogin and sshd-keygen) |
(ChangeReadyForWrangler) |
||
Line 115: | Line 115: | ||
--> | --> | ||
[[Category: | [[Category:ChangeReadyForWrangler]] | ||
<!-- When your change proposal page is completed and ready for review and announcement --> | <!-- When your change proposal page is completed and ready for review and announcement --> | ||
<!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler --> | <!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler --> |
Revision as of 08:25, 12 July 2016
Change/Remove slogin and sshd-keygen
Summary
slogin
, a legacy symlink to ssh
, will be removed. sshd-keygen
, a legacy Fedora init script, will be removed.
Owner
- Name: Jakub Jelen
- Email: jjelen@redhat.com
- Release notes owner:
Current status
- Targeted release: Fedora 25
- Last updated: 2016-07-12
- Tracker bug: <will be assigned by the Wrangler>
Detailed Description
slogin
symlink to ssh
exists for years for compatibility with ancient systems and was recently removed from upstream openssh
install scripts. There is no need to hold this symlink downstream. Possible dependent packages need update just in the words of substitution s/slogin/ssh/
.
sshd-keygen
executable is also years old copy from init scripts and does not make use of any systemd features. In F24 new instantiated sshd-keygen
service is used, but for compatibility reasons (anaconda) the old sshd-keygen
script is still shipped alongside. Applications/services that needs to make sure that ssh host keys are available, should depend on sshd-keygen.target
instead of running sshd-keygen
manually.
Benefit to Fedora
We will not diverge from upstream and we will lower maintenance time in slogin
case.
Using systemd
instantiated service adds more flexibility in control of what keys are generated, instead of troublesome combination of both that was used until Fedora 23.
Scope
- Proposal owners:
Remove the symlink from spec file (revert commit) and remove sshd-keygen from dist-git script (revert sshd-keygen commit).
Package maintainers (anaconda) depending on these files in system should follow description above how to work without sshd-keygen
.
- Other developers: N/A (not a System Wide Change)
- Release engineering: N/A (not a System Wide Change)
- List of deliverables: N/A (not a System Wide Change)
- Policies and guidelines: N/A (not a System Wide Change)
- Trademark approval: N/A (not needed for this Change)
Upgrade/compatibility impact
Other packages (Anaconda already in the round) or users might depend on the above mentioned files. The possible dependency on slogin
and sshd-keygen
files should be updated to ssh
and systemd sshd-keygen.target
accordingly.
How To Test
Check for existence of files /usr/bin/slogin
and /usr/sbin/sshd-keygen
on your system. They should not be there.
1. Open terminal (if not open yet)
2. Make sure you have installed openssh-clients
and openssh-server
packages:
rpm -q openssh-clients openssh-server openssh-clients-7.*.fc25.x86_64 openssh-server-7.*.fc25.x86_64
3. Check if you have the files in your system:
ls /usr/bin/slogin /usr/sbin/sshd-keygen ls: cannot access /usr/bin/slogin: No such file or directory ls: cannot access /usr/sbin/sshd-keygen: No such file or directory
4. The files are not there
5. The host keys for sshd
should be generated properly both for new installs and when the keys get removed (and sshd
service (re)started).
User Experience
N/A (not a System Wide Change)
Dependencies
N/A (not a System Wide Change)
Contingency Plan
- Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
- Contingency deadline: N/A (not a System Wide Change)
- Blocks release? N/A (not a System Wide Change), Yes/No
Documentation
- Missed release notes from openssh upstream: http://lists.mindrot.org/pipermail/openssh-unix-dev/2016-March/034933.html
- sshd-keygen "discussion" bug about moving to systemd: https://bugzilla.redhat.com/show_bug.cgi?id=1331077
- anaconda bug: https://bugzilla.redhat.com/show_bug.cgi?id=1331753