Date: Sun, 19 Jul 1998 16:10:01 -0700 (PDT) From: Matthew Hunt <mph@pobox.com> To: freebsd-ports@FreeBSD.ORG Subject: Re: ports/7323: "make install" of ssh blows away host key pair Message-ID: <199807192310.QAA10280@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR ports/7323; it has been noted by GNATS.
From: Matthew Hunt <mph@pobox.com>
To: brian@hyperreal.org, freebsd-gnats-submit@FreeBSD.ORG
Cc: Subject: Re: ports/7323: "make install" of ssh blows away host key pair
Date: Sun, 19 Jul 1998 19:08:55 -0400
On Sun, Jul 19, 1998 at 02:34:15PM -0700, brian@hyperreal.org wrote:
> >Description:
> When conducting a /usr/ports based install of ssh, a "make install"
> obliterates any preexisting host keys. A "make install" should instead
> look for any pre-existing keys and use them, or at least prompt to ask
> if the user wishes to make new keys.
Are you certain? I frequently install from /usr/ports/security/ssh
(basically, each time there's a new version) and while it might
have killed the host key in ages past, that hasn't happened to me in
a very long time.
Observe the following post-install bit:
post-install:
@if [ ! -f ${PREFIX}/etc/ssh_host_key ]; then \
echo "Generating a secret host key..."; \
${PREFIX}/bin/ssh-keygen -f ${PREFIX}/etc/ssh_host_key -N ""; \
fi
That is, it generates a new host key only if there isn't one already
there.
Also, etc/ssh_host_key does not appear in pkg/PLIST, meaning that
the host key should stick around even if you pkg_delete the ssh package
that you have installed.
--
Matthew Hunt <mph@pobox.com> * Stay close to the Vorlon.
http://www.pobox.com/~mph/pgp.key for PGP public key 0x67203349.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199807192310.QAA10280>