Date: Sat, 25 Jul 2009 16:55:44 -0700
From: Andrew Sharp <andy.sharp@onstor.com>
To: Larry Scheer <larry.scheer@onstor.com>
Subject: Re: Please review change 32924 ssh hostkey fix for new version of
 ssh
Message-ID: <20090725165544.42faf77b@ripper.onstor.net>
In-Reply-To: <102AB4F33EBBDB4C91915B145C8E9FB3137CE45344@exch1.onstor.net>
References: <102AB4F33EBBDB4C91915B145C8E9FB3137CE45344@exch1.onstor.net>
Organization: Onstor
X-Mailer: Sylpheed-Claws 2.6.0 (GTK+ 2.8.20; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Sounds damn good to me!  I'll give it a real review on Monday.

Cheers,

a


On Fri, 24 Jul 2009 17:07:24 -0700 Larry Scheer
<larry.scheer@onstor.com> wrote:

> Andy,
>    Please check this change not only for correctness but also verify
> that my logic is sound.
> 
> What I am doing is touching a file in /etc/default after the ssh key
> check (and fix) is done.
> 
> I check for ssh-vulnkey (if it is not there then openssh 4.3p2-9etch3
> is not installed) and I check if the file I touch is not there. If
> both conditions are met I check the host keys for vulnerability and
> regenerate them if needed. After the check I touch the file
> in /etc/default so this check is only run once.
> 
> Let me know what you think,
> 
> Thanks,
> 
> Larry
> 
> 
> Change 32924 by larrys@larrys on 2009/07/21 12:26:42 *pending*
> 
>         Add check for broken ssh host keys in /etc/ssh and replace
> keys if needed. This fix is needed when upgrading to openssh server
> version 4.3p2-9etch3.
>         Reviewed by: AndyS
> 
> Affected files ...
> 
> ... //depot/dev/linux/rootfs/etc/init.d/ssh#1 edit
> 

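One reading of the run-once check described in the quoted message, as an added example (it is not the contents of change 32924, which this message does not include). The marker file name, the `.weak` backup suffix and the status words are hypothetical, and the code assumes `ssh-vulnkey -q` exits 0 when a key is on the blacklist.

```shell
#!/bin/sh
# Added example: run-once weak host key check for an sshd init script.
# All defaults are assumptions; the marker file name is a placeholder.
SSH_DIR="${SSH_DIR:-/etc/ssh}"
MARKER="${MARKER:-/etc/default/ssh-hostkeys-checked}"
VULNKEY="${VULNKEY:-ssh-vulnkey}"
KEYGEN="${KEYGEN:-ssh-keygen}"

# Prints one status word: skipped-no-tool, skipped-done, clean or regenerated.
check_host_keys_once() {
    # No ssh-vulnkey means the upgraded package is absent. The marker is
    # left unwritten so the check still runs after a later upgrade.
    command -v "$VULNKEY" >/dev/null 2>&1 || { echo skipped-no-tool; return 0; }
    [ -e "$MARKER" ] && { echo skipped-done; return 0; }

    result=clean
    for kt in rsa dsa; do
        key="$SSH_DIR/ssh_host_${kt}_key"
        [ -f "$key" ] || continue
        # Assumption: exit status 0 means the key is blacklisted.
        if "$VULNKEY" -q "$key"; then
            # Keep the old pair aside rather than deleting it outright.
            mv "$key" "$key.weak" && mv "$key.pub" "$key.pub.weak" || return 1
            "$KEYGEN" -q -t "$kt" -N '' -f "$key" || return 1
            # Refuse to record success if the replacement is also blacklisted.
            "$VULNKEY" -q "$key" && return 1
            result=regenerated
        fi
    done
    # Write the marker only after every key was checked without error.
    : > "$MARKER" || return 1
    echo "$result"
}
```

Regenerating a host key changes the server's fingerprint, so clients that stored the old key will see a host key mismatch on their next connection.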