Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.

Bug 235466

Summary: sshd init.d script should allow override of server key creation
Product: [Fedora] Fedora Reporter: James Ralston <ralston>
Component: opensshAssignee: Tomas Mraz <tmraz>
Status: CLOSED RAWHIDE QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: mattdm
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: openssh-4.5p1-8.fc8 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-08-09 18:39:54 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Description Flags
add support for NO_AUTOCREATE_SERVER_KEYS setting
add support for overriding autocreation of HostKeys none

Description James Ralston 2007-04-05 22:17:39 UTC
(I am filing this bug against FC7test3, but it applies to all versions of FC and

Currently, /etc/rc.d/init.d/sshd unconditionally creates any server keys which
are missing:


This is irritating, because we define specific (and limited) HostKeys in
/etc/ssh/sshd_config, and don't want the extra HostKeys lying around.

This patch will make it so that setting NO_AUTOCREATE_SERVER_KEYS to NO in
/etc/sysconfig/sshd will cause the sshd init.d file not to automatically create

Comment 1 James Ralston 2007-04-05 22:17:39 UTC
Created attachment 151814 [details]
add support for NO_AUTOCREATE_SERVER_KEYS setting

Comment 2 James Ralston 2007-04-05 22:22:13 UTC
Created attachment 151815 [details]
add support for overriding autocreation of HostKeys

Actually, I just realized that variable is poorly named, as setting it requires
a double negative.  Simply AUTOCREATE_SERVER_KEYS is better.

Comment 3 Matthew Miller 2007-04-10 16:27:12 UTC
Fedora 7 test bugs should be filed against "devel", not against test1/2/3. This
isn't obvious, I know. Moving this report so it isn't lost.

This is a bulk message -- I apologize if this was actually meant to be targeted
against a different release. If so, please fix or let me know. Thanks.