[Bug 1006221] New: command to remove outdated hostkey from known_hosts file wrong
http://bugzilla.suse.com/show_bug.cgi?id=1006221

Bug ID: 1006221
Summary: command to remove outdated hostkey from known_hosts file wrong
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.2
Hardware: Other
OS: Other
Status: NEW
Severity: Minor
Priority: P5 - None
Component: Basesystem
Assignee: bnc-team-screening@forge.provo.novell.com
Reporter: aspiers@suse.com
QA Contact: qa-bugs@suse.de
Found By: Development
Blocker: ---

When a host with a non-default port is in the ~/.ssh/known_hosts file then the suggested command to remove it does not work. For example, if known_hosts contains:

    [192.168.42.129]:2222 ssh-rsa ....

then connecting with an outdated hostkey gives something like:

    Offending ECDSA key in /home/user/.ssh/known_hosts:440
    You can use following command to remove all keys for this IP:
    ssh-keygen -R 192.168.42.129 -f /home/user/.ssh/known_hosts

but that command doesn't do the right thing; it removes the entry for the hostkey on the default port 22, not on port 2222. The correct command to suggest would have been:

    ssh-keygen -R [192.168.42.129]:2222 -f /home/user/.ssh/known_hosts

This is a resubmission of the upstream bug:

    https://bugzilla.mindrot.org/show_bug.cgi?id=2169

which was rightly resolved as INVALID because the bug actually comes from a SUSE-specific patch:

    https://build.opensuse.org/package/view_file/openSUSE:Leap:42.2/openssh/open...

The original source can be viewed here:

    https://github.com/openssh/openssh-portable/blob/00df97ff68a49a756d4b977cd02...

--
You are receiving this mail because:
You are on the CC list for the bug.
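The mismatch described in the report, as an added example that is not part of the original report or of the SUSE patch: it derives the known_hosts name from host and port and shows which line of a constructed sample file each name form selects. The function names and sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; sample data below is constructed, key material is placeholder text.

# known_hosts_name HOST [PORT]: name as stored in known_hosts.
# Port 22 is stored as the bare host; any other port as "[HOST]:PORT".
known_hosts_name() {
    if [ "${2:-22}" = 22 ]; then
        printf '%s\n' "$1"
    else
        printf '[%s]:%s\n' "$1" "$2"
    fi
}

# matching_lines NAME FILE: line numbers whose host field lists NAME exactly.
# Plain entries only: hashed ("|1|...") and wildcard entries are not resolved.
matching_lines() {
    awk -v name="$1" '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            field = ($1 ~ /^@/) ? $2 : $1       # skip @cert-authority / @revoked marker
            n = split(field, names, ",")
            for (i = 1; i <= n; i++)
                if ((names[i] "") == (name "")) { print NR; break }
        }' "$2"
}

# removal_command HOST PORT FILE: the command to suggest. The name is quoted
# because "[...]" is a glob pattern to the shell.
removal_command() {
    printf "ssh-keygen -R '%s' -f %s\n" "$(known_hosts_name "$1" "$2")" "$3"
}

write_sample() {
    cat > "$1" <<'EOF'
# constructed sample
192.168.42.129 ssh-ed25519 AAAA-constructed-port22
[192.168.42.129]:2222 ssh-rsa AAAA-constructed-port2222
EOF
}

sample=$(mktemp) && write_sample "$sample"
echo "bare IP matches line:        $(matching_lines 192.168.42.129 "$sample")"
echo "bracketed name matches line: $(matching_lines '[192.168.42.129]:2222' "$sample")"
removal_command 192.168.42.129 2222 "$sample"
rm -f "$sample"
```
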
http://bugzilla.suse.com/show_bug.cgi?id=1006221#c4
--- Comment #4 from Adam Spiers
> It is, but producing a message depending on whether the port is standard 22 or something else will just inflate it.

It will inflate what? It would hardly be a huge inflation to the source code.

> Mentioning the ssh-keygen(1) man page should be enough, imho.

Surely that's not as helpful as providing a command they can use directly via cut and paste?
http://bugzilla.suse.com/show_bug.cgi?id=1006221#c5
--- Comment #5 from Petr Cerny
(In reply to Petr Cerny from comment #3)

>> It is, but producing a message depending on whether the port is standard 22 or something else will just inflate it.
> It will inflate what? It would hardly be a huge inflation to the source code.

I was afraid it would inflate the patch by adding reverse logic to ssh-keygen argument parsing. Fortunately it didn't turn out to be the case, so it will be fixed in the next MU.

>> Mentioning the ssh-keygen(1) man page should be enough, imho.
> Surely that's not as helpful as providing a command they can use directly via cut and paste?

Yes, yet it also makes one more thing to think of when ssh-keygen behaviour changes, thus making it prone to rotting.
http://bugzilla.suse.com/show_bug.cgi?id=1006221#c6
--- Comment #6 from Adam Spiers
(In reply to Adam Spiers from comment #4)

>> It will inflate what? It would hardly be a huge inflation to the source code.
> I was afraid it would inflate the patch by adding reverse logic to ssh-keygen argument parsing.

Ah, OK.

> Fortunately it didn't turn out to be the case, so it will be fixed in the next MU.

Great, thanks!

>>> Mentioning the ssh-keygen(1) man page should be enough, imho.
>> Surely that's not as helpful as providing a command they can use directly via cut and paste?
> Yes, yet it also makes one more thing to think of when ssh-keygen behaviour changes, thus making it prone to rotting.

Yeah, that's true. Hopefully low risk though :)