
Bug#509055: openssh-client: ssh-keygen -R removes all comments from known_hosts file



Package: openssh-client
Version: 1:5.1p1-4
Severity: normal

ssh-keygen -R is currently removing all comments from the known_hosts
file it's processing.  Below is an example of ssh-keygen -R being run
on a test known_hosts file:

servo:/tmp/cdtemp.mgJxDc 0$ cat known_hosts
example1.server.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0pZPJyb1TA+ykjXRO6VuieYxMNexgE1WEhvBHnOvPAI4u/N65BMp+QE9MO6m6gQdwcqy3d8jQM/FiJhuyk4RyBOCqyuPkQpHVsjQYn1qLbjhfgKnkqfW2ZtZOfyB9TuXt8maXTbHYELOYIQ06CcXyp4n6iZnhMtHC/+8zNgqOMOuSe2QuPMN9oDBZTdJhcWCfIPT9N4T0QlbZ3t2j75UhVd2qNhwDnb+LqWXbbToSd8c8npYgu7QKnazQY+I4IKv2cdfMhQfO/zTm0nlov471rScVf9hRiiWUypmOtH0yMiK7lPp7ppzuuDMlUOxSmMRxnd65rbXnEcEsceY5oXf9 foo
example2.server.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0pZPJyb1TA+ykjXRO6VuieYxMNexgE1WEhvBHnOvPAI4u/N65BMp+QE9MO6m6gQdwcqy3d8jQM/FiJhuyk4RyBOCqyuPkQpHVsjQYn1qLbjhfgKnkqfW2ZtZOfyB9TuXt8maXTbHYELOYIQ06CcXyp4n6iZnhMtHC/+8zNgqOMOuSe2QuPMN9oDBZTdJhcWCfIPT9N4T0QlbZ3t2j75UhVd2qNhwDnb+LqWXbbToSd8c8npYgu7QKnazQY+I4IKv2cdfMhQfO/zTm0nlov471rScVf9hRiiWUypmOtH0yMiK7lPp7ppzuuDMlUOxSmMRxnd65rbXnEcEsceY5oXf9 bar
servo:/tmp/cdtemp.mgJxDc 0$ ssh-keygen -R example1.server.net -f ./known_hosts
./known_hosts updated.
Original contents retained as ./known_hosts.old
servo:/tmp/cdtemp.mgJxDc 0$ cat known_hosts
example2.server.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0pZPJyb1TA+ykjXRO6VuieYxMNexgE1WEhvBHnOvPAI4u/N65BMp+QE9MO6m6gQdwcqy3d8jQM/FiJhuyk4RyBOCqyuPkQpHVsjQYn1qLbjhfgKnkqfW2ZtZOfyB9TuXt8maXTbHYELOYIQ06CcXyp4n6iZnhMtHC/+8zNgqOMOuSe2QuPMN9oDBZTdJhcWCfIPT9N4T0QlbZ3t2j75UhVd2qNhwDnb+LqWXbbToSd8c8npYgu7QKnazQY+I4IKv2cdfMhQfO/zTm0nlov471rScVf9hRiiWUypmOtH0yMiK7lPp7ppzuuDMlUOxSmMRxnd65rbXnEcEsceY5oXf9
servo:/tmp/cdtemp.mgJxDc 0$ 

Notice that the command is to remove example1.server.net from the
file, but the comment on example2.server.net is removed in the
process.  This also happens when nothing is removed from the file at
all:

servo:/tmp/cdtemp.mgJxDc 0$ cat known_hosts
example2.server.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0pZPJyb1TA+ykjXRO6VuieYxMNexgE1WEhvBHnOvPAI4u/N65BMp+QE9MO6m6gQdwcqy3d8jQM/FiJhuyk4RyBOCqyuPkQpHVsjQYn1qLbjhfgKnkqfW2ZtZOfyB9TuXt8maXTbHYELOYIQ06CcXyp4n6iZnhMtHC/+8zNgqOMOuSe2QuPMN9oDBZTdJhcWCfIPT9N4T0QlbZ3t2j75UhVd2qNhwDnb+LqWXbbToSd8c8npYgu7QKnazQY+I4IKv2cdfMhQfO/zTm0nlov471rScVf9hRiiWUypmOtH0yMiK7lPp7ppzuuDMlUOxSmMRxnd65rbXnEcEsceY5oXf9 bar
servo:/tmp/cdtemp.mgJxDc 0$ ssh-keygen -R example.server.net -f ./known_hosts
./known_hosts updated.
Original contents retained as ./known_hosts.old
servo:/tmp/cdtemp.mgJxDc 0$ cat known_hosts
example2.server.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0pZPJyb1TA+ykjXRO6VuieYxMNexgE1WEhvBHnOvPAI4u/N65BMp+QE9MO6m6gQdwcqy3d8jQM/FiJhuyk4RyBOCqyuPkQpHVsjQYn1qLbjhfgKnkqfW2ZtZOfyB9TuXt8maXTbHYELOYIQ06CcXyp4n6iZnhMtHC/+8zNgqOMOuSe2QuPMN9oDBZTdJhcWCfIPT9N4T0QlbZ3t2j75UhVd2qNhwDnb+LqWXbbToSd8c8npYgu7QKnazQY+I4IKv2cdfMhQfO/zTm0nlov471rScVf9hRiiWUypmOtH0yMiK7lPp7ppzuuDMlUOxSmMRxnd65rbXnEcEsceY5oXf9
servo:/tmp/cdtemp.mgJxDc 0$ 

Again, an attempt was made to remove a host *other* than
example2.server.net, but the net result was that *all* comments were
removed from the file, this time even though nothing else was removed.

I did not want to make this bug grave, since it's really not, but it
does involve data loss, which could be very problematic for programs
that need to use known_hosts comments.

Thanks for the help.

jamie.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssh-client depends on:
ii  adduser               3.110              add and remove users and groups
ii  debconf [debconf-2.0] 1.5.24             Debian configuration management sy
ii  dpkg                  1.14.23            Debian package management system
ii  libc6                 2.7-16             GNU C Library: Shared libraries
ii  libcomerr2            1.41.3-1           common error description library
ii  libedit2              2.11~20080614-1    BSD editline and history libraries
ii  libkrb53              1.6.dfsg.4~beta1-4 MIT Kerberos runtime libraries
ii  libncurses5           5.6+20080830-2     shared libraries for terminal hand
ii  libssl0.9.8           0.9.8g-14          SSL shared libraries
ii  passwd                1:4.1.1-6          change and administer password and
ii  zlib1g                1:1.2.3.3.dfsg-12  compression library - runtime

Versions of packages openssh-client recommends:
ii  openssh-blacklist             0.4.1      list of default blacklisted OpenSS
ii  openssh-blacklist-extra       0.4.1      list of non-default blacklisted Op
ii  xauth                         1:1.0.3-2  X authentication utility

Versions of packages openssh-client suggests:
ii  gtk-led-askpass [ssh-askpass 0.10-2      GTK+ password dialog suitable for 
pn  keychain                     <none>      (no description available)
pn  libpam-ssh                   <none>      (no description available)
ii  ssh-askpass                  1:1.2.4.1-7 under X, asks user for a passphras

-- no debconf information

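Because ssh-keygen -R retains the original file as known_hosts.old, as the sessions in the report show, the stripped comments can be copied back from it. The script below is an added example and not part of the original report or of OpenSSH; the names restore_known_hosts_comments and demo are hypothetical, and it assumes the comment is whatever follows the key field and that the host field was not rewritten (for example by hashing).

```shell
#!/bin/sh
# Added example: copy trailing comments from known_hosts.old back into the
# file rewritten by ssh-keygen -R. Function and file names are hypothetical.

# restore_known_hosts_comments OLD NEW  -> prints repaired NEW on stdout
restore_known_hosts_comments() {
    awk '
    # Fields before the comment: hosts, keytype, key (+1 for an @marker).
    function nfields() { return ($1 ~ /^@/) ? 4 : 3 }
    function entry(n,   i, s) {
        s = $1
        for (i = 2; i <= n; i++) s = s " " $i
        return s
    }
    function comment(n,   i, c) {
        c = $0
        for (i = 1; i <= n; i++) sub(/^[ \t]*[^ \t]+/, "", c)
        sub(/^[ \t]+/, "", c)
        return c
    }
    FILENAME == ARGV[1] {                 # pass 1: index comments in OLD
        if (NF == 0 || $1 ~ /^#/) next
        n = nfields()
        if (NF > n) saved[entry(n)] = comment(n)
        next
    }
    NF == 0 || $1 ~ /^#/ { print; next }  # pass 2: rewrite NEW
    {
        n = nfields(); e = entry(n)
        # Only re-attach when hosts, type and key all match exactly,
        # so a comment never ends up next to a different key.
        if (NF == n && (e in saved)) print e " " saved[e]
        else print
    }' "$1" "$2"
}

# Constructed sample data (shortened fake keys), mirroring the report.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'example1.server.net ssh-rsa AAAAfakekey1 foo' \
                  'example2.server.net ssh-rsa AAAAfakekey2 bar baz' > "$d/known_hosts.old"
    printf '%s\n' 'example2.server.net ssh-rsa AAAAfakekey2' > "$d/known_hosts"
    restore_known_hosts_comments "$d/known_hosts.old" "$d/known_hosts"
    rm -rf "$d"
}
```

Write the output to a temporary file and review it before moving it over known_hosts, since this file decides which host keys the client trusts.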


