[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#614897: marked as done (openssh-client: ssh-add fails to read from FIFOS, breaks monkeysphere subkey-to-ssh-agent)

Your message dated Fri, 18 Mar 2011 17:09:20 +0000
with message-id <E1Q0dAu-0002o8-O8@franck.debian.org>
and subject line Bug#614897: fixed in openssh 1:5.8p1-3
has caused the Debian Bug report #614897,
regarding openssh-client: ssh-add fails to read from FIFOS, breaks monkeysphere subkey-to-ssh-agent
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org

614897: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614897
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: openssh-client
Version: 1:5.8p1-2
Severity: normal
Tags: upstream patch

Sometimes, it's nice to have ssh-add read a key from a FIFO instead of
writing the key to a file.

older versions of ssh (before 5.7p1, i think) would let you do that.
5.8p1-2 doesn't.

here's an example (i know, the key is already in the filesystem; this
is just an example):

 ssh-keygen -t rsa -b 1024 -N '' -f test-key
 umask 077
 mfifo test-fifo
 ssh-add test-fifo &
 cat test-key > test-fifo

This no longer works :( It also means that "monkeysphere
subkey-to-ssh-agent" fails for users with openssh-client 5.8p1

I've reported the bug upstream at:


And i'm attaching a patch that fixes the problem right now by
attempting reads of up to 8KiB if ssh-add detects that the file it is
reading from is a FIFO.

It would be great if debian could adopt this patch so that
monkeysphere would work again until upstream adopts it.

Thanks for your work on OpenSSH for debian,


-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.37-1-686 (SMP w/1 CPU core)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages openssh-client depends on:
ii  adduser              3.112+nmu2          add and remove users and groups
ii  debconf [debconf-2.0 1.5.38              Debian configuration management sy
ii  dpkg                  Debian package management system
ii  libc6                2.11.2-11           Embedded GNU C Library: Shared lib
ii  libedit2             2.11-20080614-2     BSD editline and history libraries
ii  libgssapi-krb5-2     1.8.3+dfsg-4        MIT Kerberos runtime libraries - k
ii  libselinux1          2.0.96-1            SELinux runtime shared libraries
ii  libssl0.9.8          0.9.8o-5            SSL shared libraries
ii  passwd               1: change and administer password and
ii  zlib1g               1:    compression library - runtime

Versions of packages openssh-client recommends:
ii  openssh-blacklist             0.4.1      list of default blacklisted OpenSS
ii  openssh-blacklist-extra       0.4.1      list of non-default blacklisted Op
ii  xauth                         1:1.0.5-1  X authentication utility

Versions of packages openssh-client suggests:
pn  keychain                     <none>      (no description available)
pn  libpam-ssh                   <none>      (no description available)
ii  ssh-askpass                  1: under X, asks user for a passphras

-- no debconf information
=== modified file 'authfile.c'
--- authfile.c	2011-01-24 12:43:25 +0000
+++ authfile.c	2011-02-24 03:23:59 +0000
@@ -317,7 +317,7 @@
 static int
 key_load_file(int fd, const char *filename, Buffer *blob)
-	size_t len;
+	size_t len,readcount;
 	u_char *cp;
 	struct stat st;
@@ -337,11 +337,14 @@
 		return 0;
 	len = (size_t)st.st_size;		/* truncated */
+	if (0 == len && S_ISFIFO(st.st_mode))
+		len = 8192; /* we will try reading up to 8KiB from a FIFO */
 	cp = buffer_append_space(blob, len);
-	if (atomicio(read, fd, cp, len) != len) {
+	readcount = atomicio(read, fd, cp, len);
+	if (readcount != len && !(readcount > 0 && S_ISFIFO(st.st_mode))) {
 		debug("%s: read from key file %.200s%sfailed: %.100s", __func__,
 		    filename == NULL ? "" : filename,
 		    filename == NULL ? "" : " ",

--- End Message ---
--- Begin Message ---
Source: openssh
Source-Version: 1:5.8p1-3

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive:

  to main/o/openssh/openssh-client-udeb_5.8p1-3_i386.udeb
  to main/o/openssh/openssh-client_5.8p1-3_i386.deb
  to main/o/openssh/openssh-server-udeb_5.8p1-3_i386.udeb
  to main/o/openssh/openssh-server_5.8p1-3_i386.deb
  to main/o/openssh/openssh_5.8p1-3.debian.tar.gz
  to main/o/openssh/openssh_5.8p1-3.dsc
  to main/o/openssh/ssh-askpass-gnome_5.8p1-3_i386.deb
  to main/o/openssh/ssh-krb5_5.8p1-3_all.deb
  to main/o/openssh/ssh_5.8p1-3_all.deb

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 614897@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)

Hash: SHA256

Format: 1.8
Date: Fri, 18 Mar 2011 16:42:42 +0000
Source: openssh
Binary: openssh-client openssh-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source i386 all
Version: 1:5.8p1-3
Distribution: unstable
Urgency: low
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 614897
 openssh (1:5.8p1-3) unstable; urgency=low
   * Correct ssh-keygen instruction in the changelog for 1:5.7p1-1 (thanks,
     Joel Stanley).
   * Allow ssh-add to read from FIFOs (thanks, Daniel Kahn Gillmor; closes:
 571fcaaf57470330a3fd29f49b0d8dc36b55ea52 2250 openssh_5.8p1-3.dsc
 f4127eb0d55b2647cf5c2d4dce18c9bb60f5f59c 238869 openssh_5.8p1-3.debian.tar.gz
 b9e4f5a5f8871541d9ae3f727c24d84d3b5ae795 940606 openssh-client_5.8p1-3_i386.deb
 b39fe3057eb21e8389460ec7903184f33ba06c45 312508 openssh-server_5.8p1-3_i386.deb
 abc23fbd58bda4dc5e879181095c9bfc4c213c3c 1244 ssh_5.8p1-3_all.deb
 53c0a25abea79519bd802260c432aa2bfd5fd536 74886 ssh-krb5_5.8p1-3_all.deb
 51f9fe835f4fb70282771dc0cc514ac1d406cd57 83262 ssh-askpass-gnome_5.8p1-3_i386.deb
 1dd3712f2d3b1611a9df0d838383fee993d472a9 211490 openssh-client-udeb_5.8p1-3_i386.udeb
 ebf2b2643f691c6254c781bcc553ed4d5febdba0 238054 openssh-server-udeb_5.8p1-3_i386.udeb
 5eab5d5ec37a20d52c6d4520b6db45bd2a3584e554889188b7e120541202b4f3 2250 openssh_5.8p1-3.dsc
 70192c7b15318f268577092ecdfc770950ff7317657d4169eaa8baffea218057 238869 openssh_5.8p1-3.debian.tar.gz
 98fe41d8e9a207d3ce9fd21868e750e2522300bd388229832cebb193ffc9db5e 940606 openssh-client_5.8p1-3_i386.deb
 9c1350b3db85a376aa8812647fb1c4034bc7086137091dddb1b867f0083f5d69 312508 openssh-server_5.8p1-3_i386.deb
 a6fa559ed690f4ce15fa1ff7b3d355badc5365def436a9a7c25811d74e1ffb95 1244 ssh_5.8p1-3_all.deb
 df122b275ebfbf8915a8dc9c665b451cca7057d7f713e69031ac4e088d86dbd7 74886 ssh-krb5_5.8p1-3_all.deb
 122667eb9430c5331a028aae2b71d0ef42aa4322b0090a506aeaef90de6245d4 83262 ssh-askpass-gnome_5.8p1-3_i386.deb
 1e86bde01f584179befaddf5588a0ae69cf2b341622b5e7ece51c3f5580b6a47 211490 openssh-client-udeb_5.8p1-3_i386.udeb
 98fe19a9d6e352d1a0b4c7e7c480e2559c0081fb0913c773bd57e8742d110362 238054 openssh-server-udeb_5.8p1-3_i386.udeb
 49d85b433ae5d410b74b3a005563b09e 2250 net standard openssh_5.8p1-3.dsc
 ef64ed59972b9214417f9233422cef88 238869 net standard openssh_5.8p1-3.debian.tar.gz
 91c21871ca009dc3c261b1987fb34214 940606 net standard openssh-client_5.8p1-3_i386.deb
 f6c816825bdd43546f9d1f998f5b1ce1 312508 net optional openssh-server_5.8p1-3_i386.deb
 4bbfec9c7ac3373e4d7946efde1796fa 1244 net extra ssh_5.8p1-3_all.deb
 e3837e8c415e64491f712437b1288907 74886 net extra ssh-krb5_5.8p1-3_all.deb
 1e5922f613aef16b868843d772d54e17 83262 gnome optional ssh-askpass-gnome_5.8p1-3_i386.deb
 e6e977bb657302bfcf67c5861303a609 211490 debian-installer optional openssh-client-udeb_5.8p1-3_i386.udeb
 b9bbdb80a71eed893305f842282021cd 238054 debian-installer optional openssh-server-udeb_5.8p1-3_i386.udeb
Package-Type: udeb

Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer


--- End Message ---

Reply to: