Date: Tue, 1 Dec 2009 13:42:01 -0800
From: Andrew Sharp <andy.sharp@lsi.com>
To: "Scheer, Larry" <Larry.Scheer@lsi.com>
Subject: Re: Please review change 33862 for defect 27544 ssh keys problem
Message-ID: <20091201134201.5e5ba2a9@ripper.onstor.net>
In-Reply-To: <DEC609CD0E54B2448DAF023C89AE9755E9275ABC@cosmail02.lsi.com>
References: <DEC609CD0E54B2448DAF023C89AE9755E9275AA4@cosmail02.lsi.com>
	<DEC609CD0E54B2448DAF023C89AE9755E9275ABC@cosmail02.lsi.com>
Organization: LSI
X-Mailer: Sylpheed-Claws 2.6.0 (GTK+ 2.8.20; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit


= Change 33862 by larrys@larrys-r14-dmip on 2009/11/18 18:42:22 *pending*
= 
= 	For TED00027544 "still seeing Add check for broken ssh host keys in
= 	/etc/ssh and replace keys"
= 	
= 	There potentially exists a problem of old vulnerable (aka blacklisted)
= 	ssh keys being reintroduced into a filer running 4.0.3.0 or later
= 	release when a system config recover or the initial configuration is
= 	run and pulls the configuration files from the standby flash after
= 	sshd starts for the first time.
= 	
= 	Also a problem could exist when a filer is downgraded from 4.0.3.0 
= 	(or later release) to an earlier root file system and then moved back
= 	to 4.0.3.0 (or later).
= 	
= 	The solution is to remove /etc/default/.hostkeychecked after a
= 	system upgrade is run and also whenever the system configuration files
= 	are recovered from the standby flash. This triggers a vulnerable key
= 	check and regeneration of the ssh keys if needed when sshd is started.
= 	
= 	Reviewed by:
= 

nfx-tree/code/ssc-initial-config/initial-config.c

     looks good

nfx-tree/code/ssc-nfxsh/cmd_flash.c

     line 746 since this is in multiple files, it should be in a header
     file somewhere, if possible

     line 770-777 you could make this function a method also
     defined in the header file as a static inline, something like
     rm_hostkeychecked();

Actually, you can skip the access() call and just do an unlink().  You
aren't checking for an error from unlink() anyway, so if it can't find
it, no harm done.  One system call is better than two.


nfx-tree/code/ssc-nfxsh/verify_install.in

     line 1244 won't the C code I just looked at do this for you?
     while I'm looking at this and contemplating whether I care enough
     to suggest making the file path a variable, I notice that it's
     in /etc/default.  Is that the best place for it?  I'm thinking
     /etc/ssh is a logical place.  What do you think?





On Tue, 1 Dec 2009 14:19:53 -0700 "Scheer, Larry"
<Larry.Scheer@lsi.com> wrote:

> Here is the review request I just talked about.
> ________________________________________
> From: Scheer, Larry
> Sent: Wednesday, November 18, 2009 6:51 PM
> To: Sharp, Andy
> Subject: Please review change 33862 for defect 27544 ssh keys problem
> 
> Hi Andy,
>     These changes are on linux-compile and ripper
> in /home/larrys/perforce/trees/dev/nfx-tree workspace.
> 
> Sorry about that. My mightydog workspace has the tuxstor merge going
> on in it and I didn't want to use that p4 client for these changes
> (for my own sanity.)
> 
> Let me know if you need anything. I still need to test this change on
> a live system but I wanted to get a jump on the review process.
> 
> Larry
> 
> Change 33862 by larrys@larrys-r14-dmip on 2009/11/18 18:42:22
> *pending*
> 
>         For TED00027544 "still seeing Add check for broken ssh host
>         keys in /etc/ssh and replace keys"
> 
>         There potentially exists a problem of old vulnerable (aka
>         blacklisted) ssh keys being reintroduced into a filer running
>         4.0.3.0 or later release when a system config recover or the
>         initial configuration is run and pulls the configuration files
>         from the standby flash after sshd starts for the first time.
> 
>         Also a problem could exist when a filer is downgraded from
>         4.0.3.0 (or later release) to an earlier root file system and
>         then moved back to 4.0.3.0 (or later).
> 
>         The solution is to remove /etc/default/.hostkeychecked after a
>         system upgrade is run and also whenever the system
>         configuration files are recovered from the standby flash. This
>         triggers a vulnerable key check and regeneration of the ssh
>         keys if needed when sshd is started.
> 
>         Reviewed by:
> 
> Affected files ...
> 
> ... //depot/dev/nfx-tree/code/ssc-initial-config/initial-config.c#15 edit
> ... //depot/dev/nfx-tree/code/ssc-nfxsh/cmd_flash.c#23 edit
> ... //depot/dev/nfx-tree/code/ssc-nfxsh/verify_install.in#15 edit
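
The shared helper suggested in the review, sketched as an added example (not code from change 33862 or from either correspondent). The marker path and the name rm_hostkeychecked() come from the thread; rm_marker() and demo_remove_twice() are hypothetical names, and reporting errors other than ENOENT is an assumption. A single unlink() also leaves no gap between checking for the file and removing it.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Marker path as given in the change description. */
#define HOSTKEYCHECKED_PATH "/etc/default/.hostkeychecked"

/*
 * Remove a marker file with one unlink() and no access() pre-check.
 * A missing file (ENOENT) is already the desired end state, so it counts
 * as success. Returns 0 on success, or the errno value of any other
 * failure so the caller can log it.
 */
static inline int rm_marker(const char *path)
{
    if (unlink(path) == 0 || errno == ENOENT)
        return 0;
    return errno;
}

/* Wrapper with the name suggested in the review; lives in a shared header. */
static inline int rm_hostkeychecked(void)
{
    return rm_marker(HOSTKEYCHECKED_PATH);
}

/* Demo on a constructed temp file: remove it twice, both must succeed. */
static int demo_remove_twice(void)
{
    char path[] = "/tmp/hostkeychecked-demo-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    close(fd);
    int first = rm_marker(path);    /* file exists: removed */
    int second = rm_marker(path);   /* already gone: still success */
    int gone = (access(path, F_OK) != 0);
    return (first == 0 && second == 0 && gone) ? 0 : 1;
}

int main(void)
{
    printf("demo: %s\n", demo_remove_twice() == 0 ? "ok" : "failed");
    return 0;
}
```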
