[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#817836: marked as done (openssh-server: ECDSA host key creation after upgrades)

Your message dated Sun, 2 Apr 2017 03:04:38 +0100
with message-id <20170402020438.GP9002@riva.ucam.org>
and subject line Re: Bug#817836: openssh-server: ECDSA host key creation after upgrades
has caused the Debian Bug report #817836,
regarding openssh-server: ECDSA host key creation after upgrades
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
817836: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=817836
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: openssh-server
Version: 1:6.0p1-4+deb7u3
Severity: wishlist

Dear Maintainer,

We're upgrading some systems from Debian 6 to Debian 7 (and then maybe 8). As
part of the update, the newer version of OpenSSH supports the newer ECDSA
format.

However, after the upgrade is complete, and I run 'dpkg-reconfigure 
openssh-server', the "/etc/ssh/ssh_host_ecdsa_key" is not generated.

It seems that the package doesn't touch sshd_config(5) to add the new
HostKey file.

This isn't necessarily a bad thing, but could you add functinality so that
the user is prompted about updating "/etc/ssh/sshd_config"? If there have
been no local changes then the new file can be installed, but if there are
site-specific modifications then the admin can decide what to do.


-- System Information:
Debian Release: 7.9
  APT prefers oldstable
  APT policy: (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssh-server depends on:
ii  adduser                3.113+nmu3
ii  debconf [debconf-2.0]  1.5.49
ii  dpkg                   1.16.17
ii  libc6                  2.13-38+deb7u10
ii  libcomerr2             1.42.5-1.1+deb7u1
ii  libgssapi-krb5-2       1.10.1+dfsg-5+deb7u7
ii  libkrb5-3              1.10.1+dfsg-5+deb7u7
ii  libpam-modules         1.1.3-7.1
ii  libpam-runtime         1.1.3-7.1
ii  libpam0g               1.1.3-7.1
ii  libselinux1            2.1.9-5
ii  libssl1.0.0            1.0.1e-2+deb7u20
ii  libwrap0               7.6.q-24
ii  lsb-base               4.1+Debian8+deb7u1
ii  openssh-client         1:6.0p1-4+deb7u3
ii  procps                 1:3.3.3-3
ii  zlib1g                 1:1.2.7.dfsg-13

-- debconf information excluded

--- End Message ---
--- Begin Message --- 
Source: openssh
Source-Version: 1:7.4p1-1

On Thu, Mar 10, 2016 at 02:06:17PM -0500, David Magda wrote:
> We're upgrading some systems from Debian 6 to Debian 7 (and then maybe 8). As
> part of the update, the newer version of OpenSSH supports the newer ECDSA
> format.
> 
> However, after the upgrade is complete, and I run 'dpkg-reconfigure 
> openssh-server', the "/etc/ssh/ssh_host_ecdsa_key" is not generated.
> 
> It seems that the package doesn't touch sshd_config(5) to add the new
> HostKey file.
> 
> This isn't necessarily a bad thing, but could you add functinality so that
> the user is prompted about updating "/etc/ssh/sshd_config"? If there have
> been no local changes then the new file can be installed, but if there are
> site-specific modifications then the admin can decide what to do.

I fixed this in openssh 1:7.4p1-1 by switching to managing sshd_config
using ucf.

Thanks,

-- 
Colin Watson                                       [cjwatson@debian.org]

--- End Message ---
Reply to: