[PATCH 1/1] update error messages about moduli and primes files
Ole Holm Nielsen
Ole.H.Nielsen at fysik.dtu.dk
Fri Jul 10 18:40:07 AEST 2015
Thanks to Christian Hesse <mail at eworm.de> for fixing a logging bug.
The logit() messages are identical in releases 6.6 through 6.9.

Question: Could this patch be backported to older releases as well? Then
it would appear in major distributions using 6.6, for example RHEL 7 and
CentOS 7, and become helpful to a lot of users.

Furthermore, I would like to add a suggestion for the patch:

We're running an OpenSSH server on CentOS 7.1 (RPM:
openssh-6.6.1p1-12.el7_1.x86_64) and we have seen some puzzling warnings
(related to the above patch) in the syslog:

    sshd[16815]: WARNING: /etc/ssh/moduli does not exist, using fixed modulus

It turned out that my /etc/ssh/moduli file had gotten an erroneous
SELinux security context by mistake. The correct SELinux security
context is:

    # ls -Z /etc/ssh/moduli
    -rw-r--r--. root root unconfined_u:object_r:etc_t:s0 /etc/ssh/moduli

Suggestion: Could you replace the logit() warning message:

    logit("WARNING: neither %s nor %s exists, using fixed modulus",

by a possibly more informative message:

    logit("WARNING: neither %s nor %s can be opened, using fixed modulus",

Thanks,
Ole
--
Ole Holm Nielsen
Department of Physics, Technical University of Denmark
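
An added illustration of the distinction the suggested wording draws (not code from OpenSSH or from this message): fopen() can fail on a file that exists, and errno says why. The function names and the enum are hypothetical; /etc/ssh/moduli is the path from the report above.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Why a candidate moduli file could not be used (hypothetical names). */
enum open_result { OPEN_OK = 0, OPEN_MISSING, OPEN_DENIED, OPEN_OTHER };

/* Try to open path for reading; classify a failure by errno, saved in *err. */
enum open_result classify_open(const char *path, int *err)
{
	FILE *f = fopen(path, "r");

	if (f != NULL) {
		fclose(f);
		*err = 0;
		return OPEN_OK;
	}
	*err = errno;
	switch (*err) {
	case ENOENT:
		return OPEN_MISSING;	/* the only case where "does not exist" is accurate */
	case EACCES:			/* mode bits, or a MAC denial such as a wrong SELinux label */
	case EPERM:
		return OPEN_DENIED;
	default:
		return OPEN_OTHER;	/* ENOTDIR, EMFILE, ELOOP, ... */
	}
}

/* Write a one-line diagnostic for path into buf; returns the classification. */
enum open_result describe_moduli(const char *path, char *buf, size_t len)
{
	int err;
	enum open_result r = classify_open(path, &err);

	if (r == OPEN_OK)
		snprintf(buf, len, "%s: readable", path);
	else if (r == OPEN_MISSING)
		snprintf(buf, len, "%s: does not exist", path);
	else
		snprintf(buf, len, "%s: cannot be opened: %s", path, strerror(err));
	return r;
}

int main(int argc, char **argv)
{
	char msg[512];

	describe_moduli(argc > 1 ? argv[1] : "/etc/ssh/moduli", msg, sizeof(msg));
	puts(msg);
	return 0;
}
```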