xcat2 / xcat-core

Code repo for xCAT core packages
Eclipse Public License 1.0

remoteshell postscript: sshd_config KeyRegenerationInterval option deprecated as of OpenSSH 7.4 (on RHEL 7.4 at least) #5021

Closed jbaksta closed 6 years ago

jbaksta commented 6 years ago

The KeyRegenerationInterval option that is pushed into sshd_config during the remoteshell postscript should probably be removed for newer operating systems. It shows as being deprecated in our logs as well as only pertaining to ssh protocol 1. The ssh protocol 1 was dropped from RHEL 7.4 distribution release (openssh 7.4p1-13) completely, so moving forward on RHEL and clones should not set this value. Additionally the OpenSSH versions of Ubuntu (>17.04) and Debian (>9) as well as the upcoming version of SLES 15 are already using OpenSSH 7.4 or newer according to their respective documentation.

immarvin commented 6 years ago

There is a PR on this: https://github.com/xcat2/xcat-core/pull/4599

immarvin commented 6 years ago

Hi @jbaksta, one question: what's the equivalent option for KeyRegenerationInterval in OpenSSH 7.4 or SSH V2? Will ssh keys be regenerated after some time?

jbaksta commented 6 years ago

Apologies for missing the PR. Didn't see anything in the issues page, so assumed no PR had been made.

I don't believe there is a direct equivalent for what was being set in the sshd_config file as the KeyRegenerationInterval is for SSH v1 only. The closest thing for SSHv2 in OpenSSH is probably RekeyLimit, but I don't believe you'll be able to set it to the same value, and fundamentally, I don't think you'll need to set the RekeyLimit. I'm open to others explaining why it might need set WRT xCAT though.

immarvin commented 6 years ago

The PR has been merged.
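
An added example, not taken from this thread, from xCAT's remoteshell postscript, or from the merged PR: a version-gated cleanup that drops active KeyRegenerationInterval lines from an sshd_config only when the OpenSSH banner reports 7.4 or newer. The function names, the sample banner and the sample config lines are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample data are hypothetical.

# Return 0 if an `ssh -V`-style banner reports OpenSSH >= 7.4,
# 1 if it is older, 2 if the banner cannot be parsed.
openssh_ge_7_4() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2
    set -- $ver                      # $1 = major, $2 = minor
    [ "$1" -gt 7 ] || { [ "$1" -eq 7 ] && [ "$2" -ge 4 ]; }
}

# Print the config without active KeyRegenerationInterval lines.
# sshd_config keywords are case-insensitive; commented lines are kept.
drop_key_regen() {
    awk 'tolower($1) !~ /^keyregenerationinterval(=.*)?$/' "$1"
}

# Rewrite CONFIG in place only when BANNER reports OpenSSH >= 7.4.
fix_sshd_config() {
    banner=$1
    config=$2
    openssh_ge_7_4 "$banner" || return 0   # older or unknown: leave file alone
    tmp=$(mktemp) || return 1
    # cat into the original so its owner and mode are preserved
    drop_key_regen "$config" > "$tmp" && cat "$tmp" > "$config"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample. On a real node pass "$(ssh -V 2>&1)" and
# /etc/ssh/sshd_config, then validate with `sshd -t` before restarting sshd.
demo_cfg=$(mktemp)
printf '%s\n' 'KeyRegenerationInterval 0' '#KeyRegenerationInterval 1h' \
    'X11Forwarding yes' 'UseDNS no' > "$demo_cfg"
fix_sshd_config 'OpenSSH_7.4p1, OpenSSL 1.0.2k-fips  26 Jan 2017' "$demo_cfg"
cat "$demo_cfg"
rm -f "$demo_cfg"
```
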