
Bug#562432: ssh-keygen -r refuses to read keys in "known hosts" format



Package: openssh-client
Version: 1:5.1p1-5
Severity: minor

ssh-keygen -r wants its input_keyfile in "public key file" format,
which differs from "known hosts" format by the fact that there is no
hostname at the beginning of the line.  Unlike ssh-keygen -l, which is
lenient about the input file format and accepts both formats,
ssh-keygen -r refuses a "known hosts" file with an unhelpful error
message ("failed to read v2 public key from $file"):

pleiades david ~ $ ssh-keyscan ssh.enst.fr > /tmp/host.pub
# ssh.enst.fr SSH-1.99-Sun_SSH_1.1
pleiades david ~ $ ssh-keygen -l -f /tmp/host.pub
1024 bb:f1:fa:f4:e8:56:37:cf:c3:3f:6d:58:64:3d:86:2b ssh.enst.fr (RSA)
pleiades david ~ $ ssh-keygen -r ssh.enst.fr -f /tmp/host.pub
failed to read v2 public key from /tmp/host.pub.
pleiades david ~ $ ed /tmp/host.pub
221
1s/^ssh\.enst\.fr //
w
209
q
pleiades david ~ $ ssh-keygen -l -f /tmp/host.pub
1024 bb:f1:fa:f4:e8:56:37:cf:c3:3f:6d:58:64:3d:86:2b /tmp/host.pub (RSA)
pleiades david ~ $ ssh-keygen -r ssh.enst.fr -f /tmp/host.pub
ssh.enst.fr IN SSHFP 1 1 c2b94d2e0e0d07fb51c06159b8f8acb4a985056b

Desired behavior: the principle of least surprise dictates that
ssh-keygen -r should accept its keys in the same formats as ssh-keygen
-l, so the third command above should not have produced any error
(rather, the result should have been the same as the last).

-- 
     David A. Madore
   ( http://www.madore.org/~david/ )
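
Added example, not part of the original report and not OpenSSH code: the lenient parsing requested above, written as POSIX shell functions that accept a key line with or without the leading hostname and print the SSHFP SHA-1 record. The function names, the host.example name and the YWJj blob are constructed for illustration; it assumes base64 and sha1sum from GNU coreutils.

```shell
#!/bin/sh
# Added example: accept "known hosts" or "public key file" lines and
# derive the SSHFP record (fingerprint type 1 = SHA-1 of the key blob).

# Map a key type name to its SSHFP algorithm number (RFC 4255).
sshfp_alg() {
    case "$1" in
        ssh-rsa) echo 1 ;;
        ssh-dss) echo 2 ;;
        *) return 1 ;;
    esac
}

# Print "type blob" for a line in either format; fail on anything else
# (comments, blank lines, unknown key types, marker-prefixed lines).
key_fields() {
    set -f; set -- $1; set +f               # split on whitespace, no globbing
    [ $# -ge 2 ] || return 1
    # Test for an exact key type, so that a hostname such as
    # "ssh-gw.example" is not mistaken for one.
    sshfp_alg "$1" >/dev/null || shift       # drop the leading host field
    sshfp_alg "$1" >/dev/null && [ -n "$2" ] && printf '%s %s\n' "$1" "$2"
}

# $1 = owner name for the record, $2 = key line in either format.
sshfp_record() {
    fields=$(key_fields "$2") || return 1
    alg=$(sshfp_alg "${fields%% *}")
    blob=${fields#* }
    # Reject blobs that are not valid base64 instead of hashing garbage.
    printf '%s' "$blob" | base64 -d >/dev/null 2>&1 || return 1
    fp=$(printf '%s' "$blob" | base64 -d | sha1sum | cut -d' ' -f1)
    printf '%s IN SSHFP %s 1 %s\n' "$1" "$alg" "$fp"
}

# Constructed sample: "YWJj" is a placeholder blob, not a real host key.
# Both calls print the same record.
sshfp_record host.example 'host.example ssh-rsa YWJj'
sshfp_record host.example 'ssh-rsa YWJj'
```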


