From Fedora Project Wiki
(draft of change request)
 
(clean up)
Line 1: Line 1:
= Change/Obsolete slogin and sshd-keygen ==
= Change/Obsolete slogin and sshd-keygen =


== Summary ==
== Summary ==
Line 26: Line 26:
== Detailed Description ==
== Detailed Description ==


Slogin symlink to ssh exists for years for compatibility with ancient systems and was recently removed from upstream openssh package. There is no need to hold this symlink. Possible dependent packages need update just in the words of substitution <code>s/slogin/ssh/g</code>.
Slogin symlink to ssh exists for years for compatibility with ancient systems and was recently removed from upstream openssh package. There is no need to hold this symlink downstream. Possible dependent packages need update just in the words of substitution <code>s/slogin/ssh/</code>.


Sshd-keygen executable is also years obsolete copy from init scripts and does not make use of systemd features. In F24 new sshd-keygen is used, but for compatibility issues (anaconda) the old sshd-keygen is still there. Applications/services that needs to make sure that ssh host keys are available, should depend on sshd-keygen.target instead of running sshd-keygen executable.
Sshd-keygen executable is also years obsolete copy from init scripts and does not make use of any systemd features. In F24 new sshd-keygen is used, but for compatibility reasons (anaconda) the old sshd-keygen is still shipped alongside. Applications/services that needs to make sure that ssh host keys are available, should depend on <code>sshd-keygen.target</code> instead of running sshd-keygen manually.


== Benefit to Fedora ==
== Benefit to Fedora ==


Do not diverge from upstream and lower maintenance costs in <code>slogin</code> case.
We will not diverge from upstream and we will lower maintenance time in <code>slogin</code> case.


Using systemd instantiated service adds more flexibility in control of what keys are generated.
Using systemd instantiated service adds more flexibility in control of what keys are generated, instead of troublesome combination of both that was used until Fedora 23.
    
    
== Scope ==
== Scope ==
Line 40: Line 40:
Remove the symlink from spec file (revert [http://pkgs.fedoraproject.org/cgit/rpms/openssh.git/commit/?id=e762f7265ea47471869b94203a4ded0ad71b9381|slogin commit]) and remove sshd-keygen from dist-git script (revert [http://pkgs.fedoraproject.org/cgit/rpms/openssh.git/commit/?id=0b5300a59c5b88489f9a00f529670fb2723de34e|legacy sshd-keygen commit]).
Remove the symlink from spec file (revert [http://pkgs.fedoraproject.org/cgit/rpms/openssh.git/commit/?id=e762f7265ea47471869b94203a4ded0ad71b9381|slogin commit]) and remove sshd-keygen from dist-git script (revert [http://pkgs.fedoraproject.org/cgit/rpms/openssh.git/commit/?id=0b5300a59c5b88489f9a00f529670fb2723de34e|legacy sshd-keygen commit]).


Package maintainers (anaconda) depending on these files in system should follow recommendation how to work without them.
Package maintainers (anaconda) depending on these files in system should follow description above how to work without <code>sshd-keygen</code>.


* Other developers: N/A (not a System Wide Change) <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
* Other developers: N/A (not a System Wide Change) <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
Line 62: Line 62:


== How To Test ==
== How To Test ==
Check for existence of files ''/usr/bin/slogin'' and ''/usr/sbin/sshd-keygen'' on your system. They should not be there.
Check for existence of files <code>/usr/bin/slogin</code> and <code>/usr/sbin/sshd-keygen</code> on your system. They should not be there.


1. Open terminal (if not open yet)
1. Open terminal (if not open yet)
Line 69: Line 69:
<pre>
<pre>
rpm -q openssh-clients openssh-server
rpm -q openssh-clients openssh-server
openssh-clients-7.*p2-*.fc25.x86_64
openssh-clients-7.*.fc25.x86_64
openssh-server-7.*p2-*.fc25.x86_64
openssh-server-7.*.fc25.x86_64
</pre>
</pre>
3. Check if you have the files in your system:
3. Check if you have the files in your system:
Line 107: Line 107:


* Missed release notes from openssh upstream: http://lists.mindrot.org/pipermail/openssh-unix-dev/2016-March/034933.html
* Missed release notes from openssh upstream: http://lists.mindrot.org/pipermail/openssh-unix-dev/2016-March/034933.html
* sshd-keygen "discussion" bug: https://bugzilla.redhat.com/show_bug.cgi?id=1331077
* sshd-keygen "discussion" bug about moving to systemd: https://bugzilla.redhat.com/show_bug.cgi?id=1331077
* anaconda compatibility bug: https://bugzilla.redhat.com/show_bug.cgi?id=1331753
* anaconda bug: https://bugzilla.redhat.com/show_bug.cgi?id=1331753


<!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
<!-- REQUIRED FOR SYSTEM WIDE CHANGES -->

Revision as of 07:42, 12 July 2016

Change/Obsolete slogin and sshd-keygen

Summary

slogin is symlink to ssh, recently removed by upstream. sshd-keygen is old init script which needed replacement. They are not needed anymore.

Owner

  • Name: Jakub Jelen
  • Email: jjelen@redhat.com
  • Release notes owner:

Current status

  • Targeted release: Fedora 25
  • Last updated: 2016-07-12
  • Tracker bug: <will be assigned by the Wrangler>

Detailed Description

Slogin symlink to ssh exists for years for compatibility with ancient systems and was recently removed from upstream openssh package. There is no need to hold this symlink downstream. Possible dependent packages need update just in the words of substitution s/slogin/ssh/.

Sshd-keygen executable is also years obsolete copy from init scripts and does not make use of any systemd features. In F24 new sshd-keygen is used, but for compatibility reasons (anaconda) the old sshd-keygen is still shipped alongside. Applications/services that needs to make sure that ssh host keys are available, should depend on sshd-keygen.target instead of running sshd-keygen manually.

Benefit to Fedora

We will not diverge from upstream and we will lower maintenance time in slogin case.

Using systemd instantiated service adds more flexibility in control of what keys are generated, instead of troublesome combination of both that was used until Fedora 23.

Scope

  • Proposal owners:

Remove the symlink from spec file (revert commit) and remove sshd-keygen from dist-git script (revert sshd-keygen commit).

Package maintainers (anaconda) depending on these files in system should follow description above how to work without sshd-keygen.

  • Other developers: N/A (not a System Wide Change)
  • Release engineering: N/A (not a System Wide Change)
  • Policies and guidelines: N/A (not a System Wide Change)
  • Trademark approval: N/A (not needed for this Change)

Upgrade/compatibility impact

N/A (not a System Wide Change)

How To Test

Check for existence of files /usr/bin/slogin and /usr/sbin/sshd-keygen on your system. They should not be there.

1. Open terminal (if not open yet)

2. Make sure you have installed openssh-clients and openssh-server packages:

rpm -q openssh-clients openssh-server
openssh-clients-7.*.fc25.x86_64
openssh-server-7.*.fc25.x86_64

3. Check if you have the files in your system:

ls /usr/bin/slogin /usr/sbin/sshd-keygen
ls: cannot access /usr/bin/slogin: No such file or directory
ls: cannot access /usr/sbin/sshd-keygen: No such file or directory

4. The files are not there

N/A (not a System Wide Change)

User Experience

N/A (not a System Wide Change)

Dependencies

N/A (not a System Wide Change)

Contingency Plan

  • Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
  • Contingency deadline: N/A (not a System Wide Change)
  • Blocks release? N/A (not a System Wide Change), Yes/No

Documentation

N/A (not a System Wide Change)

Release Notes