
Bug#614897: marked as done (openssh-client: ssh-add fails to read from FIFOS, breaks monkeysphere subkey-to-ssh-agent)



Your message dated Fri, 18 Mar 2011 17:09:20 +0000
with message-id <E1Q0dAu-0002o8-O8@franck.debian.org>
and subject line Bug#614897: fixed in openssh 1:5.8p1-3
has caused the Debian Bug report #614897,
regarding openssh-client: ssh-add fails to read from FIFOS, breaks monkeysphere subkey-to-ssh-agent
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
614897: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614897
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: openssh-client
Version: 1:5.8p1-2
Severity: normal
Tags: upstream patch

Sometimes, it's nice to have ssh-add read a key from a FIFO instead of
writing the key to a file.

older versions of ssh (before 5.7p1, i think) would let you do that.
5.8p1-2 doesn't.

here's an example (i know, the key is already in the filesystem; this
is just an example):

 ssh-keygen -t rsa -b 1024 -N '' -f test-key
 umask 077
 mkfifo test-fifo
 ssh-add test-fifo &
 cat test-key > test-fifo

This no longer works :( It also means that "monkeysphere
subkey-to-ssh-agent" fails for users with openssh-client 5.8p1
installed.

I've reported the bug upstream at:

 https://bugzilla.mindrot.org/show_bug.cgi?id=1869

And i'm attaching a patch that fixes the problem right now by
attempting reads of up to 8KiB if ssh-add detects that the file it is
reading from is a FIFO.

It would be great if debian could adopt this patch so that
monkeysphere would work again until upstream adopts it.

Thanks for your work on OpenSSH for debian,

             --dkg

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.37-1-686 (SMP w/1 CPU core)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages openssh-client depends on:
ii  adduser              3.112+nmu2          add and remove users and groups
ii  debconf [debconf-2.0 1.5.38              Debian configuration management sy
ii  dpkg                 1.15.8.10           Debian package management system
ii  libc6                2.11.2-11           Embedded GNU C Library: Shared lib
ii  libedit2             2.11-20080614-2     BSD editline and history libraries
ii  libgssapi-krb5-2     1.8.3+dfsg-4        MIT Kerberos runtime libraries - k
ii  libselinux1          2.0.96-1            SELinux runtime shared libraries
ii  libssl0.9.8          0.9.8o-5            SSL shared libraries
ii  passwd               1:4.1.4.2+svn3283-3 change and administer password and
ii  zlib1g               1:1.2.3.4.dfsg-3    compression library - runtime

Versions of packages openssh-client recommends:
ii  openssh-blacklist             0.4.1      list of default blacklisted OpenSS
ii  openssh-blacklist-extra       0.4.1      list of non-default blacklisted Op
ii  xauth                         1:1.0.5-1  X authentication utility

Versions of packages openssh-client suggests:
pn  keychain                     <none>      (no description available)
pn  libpam-ssh                   <none>      (no description available)
ii  ssh-askpass                  1:1.2.4.1-9 under X, asks user for a passphras

-- no debconf information
=== modified file 'authfile.c'
--- authfile.c	2011-01-24 12:43:25 +0000
+++ authfile.c	2011-02-24 03:23:59 +0000
@@ -317,7 +317,7 @@
 static int
 key_load_file(int fd, const char *filename, Buffer *blob)
 {
-	size_t len;
+	size_t len,readcount;
 	u_char *cp;
 	struct stat st;
 
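Review bot: The new declaration `size_t len,readcount;` has no space after the comma, unlike the comma spacing in the context line `key_load_file(int fd, const char *filename, Buffer *blob)`. Write it as `size_t len, readcount;`, or give readcount its own line, so the declaration matches the surrounding style.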
@@ -337,11 +337,14 @@
 		return 0;
 	}
 	len = (size_t)st.st_size;		/* truncated */
+	if (0 == len && S_ISFIFO(st.st_mode))
+		len = 8192; /* we will try reading up to 8KiB from a FIFO */
 
 	buffer_init(blob);
 	cp = buffer_append_space(blob, len);
 
-	if (atomicio(read, fd, cp, len) != len) {
+	readcount = atomicio(read, fd, cp, len);
+	if (readcount != len && !(readcount > 0 && S_ISFIFO(st.st_mode))) {
 		debug("%s: read from key file %.200s%sfailed: %.100s", __func__,
 		    filename == NULL ? "" : filename,
 		    filename == NULL ? "" : " ",
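Review bot: A short read from a FIFO is now accepted, but `buffer_append_space(blob, len)` has already grown blob by the full 8192 bytes and nothing in the visible lines trims it back to readcount, so the bytes past the data actually read stay in the buffer that is handed on. After the read, drop the unused `len - readcount` bytes from blob before returning success. The fixed `len = 8192` also means that input longer than 8 KiB is cut off without any error, because a full 8192-byte read satisfies `readcount != len` being false; reading until EOF under an explicit upper bound, and failing when that bound is exceeded, would cover both cases.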


--- End Message ---
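The FIFO case from the report above, as an added example that is not part of the original message and is not OpenSSH's code: `fstat()` reports an `st_size` of 0 for a FIFO, so a reader sized from `st_size` gets nothing, and the code below instead reads to EOF under an explicit limit. The function name `load_key_blob` and its `max` parameter are assumptions made for illustration.

```c
#include <errno.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * load_key_blob() is a hypothetical helper, not an OpenSSH function.
 * It reads fd to EOF into a malloc'd buffer holding at most `max` bytes.
 * Returns the byte count and sets *out, or returns -1 on a read error,
 * on empty input, or on input longer than `max`.
 */
ssize_t
load_key_blob(int fd, size_t max, unsigned char **out)
{
	struct stat st;
	unsigned char *buf = NULL, *tmp;
	size_t used = 0, cap = 0;
	ssize_t n;

	*out = NULL;
	if (fstat(fd, &st) == -1)
		return -1;
	/* st_size is meaningful only for regular files; a FIFO reports 0. */
	if (S_ISREG(st.st_mode) && st.st_size > 0 && (size_t)st.st_size > max)
		return -1;
	for (;;) {
		if (used == cap) {		/* grow in 4 KiB steps */
			if ((tmp = realloc(buf, cap + 4096)) == NULL)
				goto fail;
			buf = tmp;
			cap += 4096;
		}
		n = read(fd, buf + used, cap - used);
		if (n == -1 && errno == EINTR)
			continue;		/* interrupted: retry */
		if (n <= 0)
			break;			/* 0 = EOF, -1 = error */
		used += (size_t)n;
		if (used > max)			/* refuse, do not truncate */
			goto fail;
	}
	if (n == -1 || used == 0)
		goto fail;
	*out = buf;
	return (ssize_t)used;
fail:
	free(buf);
	return -1;
}
```

Because the buffer may hold private key material, a caller in real use would also wipe it before `free()`; that step is left out here.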
--- Begin Message ---
Source: openssh
Source-Version: 1:5.8p1-3

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive:

openssh-client-udeb_5.8p1-3_i386.udeb
  to main/o/openssh/openssh-client-udeb_5.8p1-3_i386.udeb
openssh-client_5.8p1-3_i386.deb
  to main/o/openssh/openssh-client_5.8p1-3_i386.deb
openssh-server-udeb_5.8p1-3_i386.udeb
  to main/o/openssh/openssh-server-udeb_5.8p1-3_i386.udeb
openssh-server_5.8p1-3_i386.deb
  to main/o/openssh/openssh-server_5.8p1-3_i386.deb
openssh_5.8p1-3.debian.tar.gz
  to main/o/openssh/openssh_5.8p1-3.debian.tar.gz
openssh_5.8p1-3.dsc
  to main/o/openssh/openssh_5.8p1-3.dsc
ssh-askpass-gnome_5.8p1-3_i386.deb
  to main/o/openssh/ssh-askpass-gnome_5.8p1-3_i386.deb
ssh-krb5_5.8p1-3_all.deb
  to main/o/openssh/ssh-krb5_5.8p1-3_all.deb
ssh_5.8p1-3_all.deb
  to main/o/openssh/ssh_5.8p1-3_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 614897@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 18 Mar 2011 16:42:42 +0000
Source: openssh
Binary: openssh-client openssh-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source i386 all
Version: 1:5.8p1-3
Distribution: unstable
Urgency: low
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description: 
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 614897
Changes: 
 openssh (1:5.8p1-3) unstable; urgency=low
 .
   * Correct ssh-keygen instruction in the changelog for 1:5.7p1-1 (thanks,
     Joel Stanley).
   * Allow ssh-add to read from FIFOs (thanks, Daniel Kahn Gillmor; closes:
     #614897).
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer
-----END PGP SIGNATURE-----



--- End Message ---
