[PATCH 1/1] update error messages about moduli and primes files

Ole Holm Nielsen Ole.H.Nielsen at fysik.dtu.dk
Fri Jul 10 18:40:07 AEST 2015


Thanks to Christian Hesse <mail at eworm.de> for fixing a logging bug. 
The logit() messages are identical in releases 6.6 through 6.9.

Question: Could this patch be backported to older releases as well? Then 
it would appear in major distributions using 6.6, for example RHEL 7 and 
CentOS 7, and become helpful to a lot of users.

Furthermore, I would like to add a suggestion for the patch:

We're running an OpenSSH server on CentOS 7.1 (RPM: 
openssh-6.6.1p1-12.el7_1.x86_64) and we have seen some puzzling warnings 
(related to the above patch) in the syslog:
   sshd[16815]: WARNING: /etc/ssh/moduli does not exist, using fixed modulus

It turned out that my /etc/ssh/moduli file had gotten an erroneous 
SELinux security context by mistake.  The correct SELinux security 
context is:
# ls -Z /etc/ssh/moduli
-rw-r--r--. root root unconfined_u:object_r:etc_t:s0   /etc/ssh/moduli

Suggestion: Could you replace the logit() warning message:
   logit("WARNING: neither %s nor %s exists, using fixed modulus",
by a possibly more informative message:
   logit("WARNING: neither %s nor %s can be opened, using fixed modulus",

Thanks,
Ole

-- 
Ole Holm Nielsen
Department of Physics, Technical University of Denmark
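
Added example, not part of the original message and not OpenSSH code: a C sketch of the distinction the suggested wording points at, where a moduli file that exists but cannot be opened (for instance EACCES after a wrong SELinux label) is reported differently from one that is absent. The names open_moduli, format_warning and moduli_status, and the warning texts, are assumptions made for this illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

enum moduli_status { MODULI_OPENED, MODULI_MISSING, MODULI_UNREADABLE };

/* Try each candidate in order. MODULI_MISSING only when every fopen() failed
 * with ENOENT; any other errno (EACCES from a wrong mode or SELinux label,
 * for instance) gives MODULI_UNREADABLE with the first such errno in *err. */
enum moduli_status open_moduli(const char *const *paths, size_t n, FILE **fp, int *err)
{
	enum moduli_status st = MODULI_MISSING;

	*fp = NULL;
	*err = ENOENT;
	for (size_t i = 0; i < n; i++) {
		if ((*fp = fopen(paths[i], "r")) != NULL)
			return MODULI_OPENED;
		if (errno != ENOENT && st == MODULI_MISSING) {
			st = MODULI_UNREADABLE;
			*err = errno;
		}
	}
	return st;
}

/* Build the warning text; the wording is this example's, not OpenSSH's. */
void format_warning(enum moduli_status st, int err, char *buf, size_t len)
{
	if (st == MODULI_MISSING)
		snprintf(buf, len, "WARNING: no moduli file exists, using fixed modulus");
	else
		snprintf(buf, len, "WARNING: moduli file cannot be opened (%s), "
		    "using fixed modulus", strerror(err));
}

int main(void)
{
	const char *paths[] = { "/etc/ssh/moduli" };	/* path from the message */
	char msg[256];
	FILE *fp;
	int err;
	enum moduli_status st = open_moduli(paths, 1, &fp, &err);

	if (st == MODULI_OPENED)
		return fclose(fp);
	format_warning(st, err, msg, sizeof(msg));
	fprintf(stderr, "%s\n", msg);
	return 1;
}
```

With the errno text in the warning, an administrator sees "Permission denied" and knows to check the file mode and the `ls -Z` label instead of looking for a missing file.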

