On Mon, Mar 19, 2012 at 9:33 AM, Neil Bothwick <neil@××××××××××.uk> wrote:
> On Sun, 18 Mar 2012 02:49:56 -0600, Canek Peláez Valdés wrote:
>
>> > They ensure that there is an sshd configuration file and
>> > give a meaningful message (including where to find the sample) if it
>> > is not present, and check for the presence of the hostkeys (again
>> > which are needed) and create them if they are not present. Your 9
>> > lines of sshd.service do none of this.
>>
>> That is completely true. I also think that those checks do not
>> belong in the init script: I think the configuration file presence
>> should be guaranteed by the package manager at install time, and so the
>> creation of the hostkeys.
>
> sshd is a bit of a special case. Think like CDs, like SystemRescueCD. If
> the keys were created at installation time, every CD would have the same
> keys, which is not particularly desirable.

I prefer "counterexample" to "special case" ... I don't like calling
things "special cases" because it suggests that they're somehow more
privileged than anything else, and unnecessarily weighs against
software which hasn't been written yet.

A similar case which falls into the same kind of circumstance:
per-host IDs in mass-deployment scenarios. You see this in large
arrays of similar systems; 'sbc-a3d6' 'sbc-a3d9' 'sbc-7721' ... Heck,
applying something like that to live installation media would be nice;
not having every new install called simply 'gentoo' by default would
be very helpful in installfest scenarios. Identical hostnames screw
with DHCP-driven DDNS updates. I ran into that on my home network.

--
:wq
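
The pre-start checks and per-host naming discussed in this thread, sketched as shell functions. This is an added example, not part of the original message and not any distribution's init script. The function names, the key types, and deriving the name suffix from a MAC address are assumptions, and every path is passed in as an argument.

```shell
#!/bin/sh
# Added example. Paths and names are arguments (assumptions), so the
# functions can be tried in a scratch directory instead of /etc/ssh.

# check_sshd_config FILE SAMPLE
# Fail with a message naming the sample when FILE is missing.
check_sshd_config() {
    [ -e "$1" ] && return 0
    echo "sshd: $1 not found; copy and edit the sample at $2" >&2
    return 1
}

# ensure_hostkeys DIR
# Create whichever host keys are missing in DIR. Existing keys are never
# replaced, so a host keeps its identity across restarts, while an image
# shipped without keys gets fresh ones on each machine's first start.
ensure_hostkeys() {
    command -v ssh-keygen >/dev/null 2>&1 || {
        echo "sshd: ssh-keygen not found, cannot create host keys" >&2
        return 1
    }
    for type in rsa ed25519; do          # key types are an assumption
        key="$1/ssh_host_${type}_key"
        [ -e "$key" ] && continue
        ssh-keygen -q -t "$type" -N '' -f "$key" || return 1
    done
    return 0
}

# per_host_name PREFIX MAC
# Build a name such as sbc-a3d6 from the last two octets of a MAC address
# (deriving the suffix from the MAC is an assumption of this example).
per_host_name() {
    suffix=$(printf '%s' "$2" | tr -d ':-' | tr 'A-F' 'a-f' | tail -c 4)
    case "$suffix" in
        [0-9a-f][0-9a-f][0-9a-f][0-9a-f]) printf '%s-%s\n' "$1" "$suffix" ;;
        *) echo "per_host_name: '$2' is not a MAC address" >&2; return 1 ;;
    esac
}
```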