QA » openQA Project » openQA Tests

Proposal:

https://github.com/os-autoinst/os-autoinst-distri-opensuse/pull/12655

First copy the file from /usr/etc/ssh to /etc/ssh, then handle the case no longer different

dimstar wrote:

Proposal:

https://github.com/os-autoinst/os-autoinst-distri-opensuse/pull/12655

First copy the file from /usr/etc/ssh to /etc/ssh, then handle the case no longer different

Is this really what we want to do?

I would rather update the sshd.pm test to use both files, e.g:

• if /usr/etc/ssh/sshd_config exists then read from it, otherwise read from /etc/ssh/sshd_config
• Do all the changes in /etc/ssh/sshd_config and keep the /usr/etc/ssh/sshd_config untouched.

But of course we can merge the proposal mentioned above and then improve it later.

pdostal wrote:

dimstar wrote:

Proposal:

https://github.com/os-autoinst/os-autoinst-distri-opensuse/pull/12655

First copy the file from /usr/etc/ssh to /etc/ssh, then handle the case no longer different

Is this really what we want to do?

I would rather update the sshd.pm test to use both files, e.g:

• if /usr/etc/ssh/sshd_config exists then read from it, otherwise read from /etc/ssh/sshd_config
• Do all the changes in /etc/ssh/sshd_config and keep the /usr/etc/ssh/sshd_config untouched.

But of course we can merge the proposal mentioned above and then improve it later.

My proposal is very close to what you suggest and is even closer to what the sshd daemon itself does: read /usr/etc/ssh//sshd_config unless /etc/ssh/sshd_config exists.

Modifications by an admin are only every supposed to be in /etc/ssh/sshd_config (or even /etc/ssh/sshd_config.d since a few weeks)

So the test code proposal does basically what a 'normal' admin that wants to modify the config would do:

• copy the template config from /usr/etc/ssh to /etc/ssh (if it does not exist there yet)
• modify the file in /etc/ssh

If we want to do the test smarter, we should go for the /etc/ssh/sshd_config.d approach though

dimstar wrote:

My proposal is very close to what you suggest and is even closer to what the sshd daemon itself does: read /usr/etc/ssh//sshd_config unless /etc/ssh/sshd_config exists.

So the test code proposal does basically what a 'normal' admin that wants to modify the config would do:

• copy the template config from /usr/etc/ssh to /etc/ssh (if it does not exist there yet)
• modify the file in /etc/ssh

I am not sure about this. In my opinion the first point is not necessary.
In my opinion, the /etc/ssh/sshd_config is only for changes made by the user.

if you have an /etc/ssh/sshd_config, this overrides ALL settings from /usr/etc/ssh/sshd_config;

So just adding 'modifications in an empty' file will destroy your config, unless you copied the template over and modify it.
OR you do not modify /etc/ssh/sshd_config, but rather place snippets into /etc/ssh/sshd_config.d/

In all honesty, I do not care in what direction the fix goes. My motivation for the proposal was to get things moving to not block the openssh request forever - and as your attention is now on the case, I am happy to leave the decision with you (who will have to maintain the test into all eternity :) )