--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: openssh-client: ssh-keygen does not read from stdin
- From: Jameson Graef Rollins <jrollins@finestructure.net>
- Date: Wed, 17 Dec 2008 17:08:15 -0500
- Message-id: <20081217220815.23324.79140.reportbug@servo.finestructure.net>
Package: openssh-client
Version: 1:5.1p1-4
Severity: normal
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Reading from stdin is either broken or not properly supported in
ssh-keygen. It appears that ssh-keygen will read from a file
redirection, but not from a pipeline:
servo:/tmp/cdtemp.laHoFb 0$ ssh-keygen -l -f id_rsa.pub
1024 23:ff:58:10:19:b6:5d:4f:c9:92:28:00:57:2c:5a:c8 id_rsa.pub (RSA)
servo:/tmp/cdtemp.laHoFb 0$ ssh-keygen -l -f /dev/stdin <id_rsa.pub
1024 23:ff:58:10:19:b6:5d:4f:c9:92:28:00:57:2c:5a:c8 /dev/stdin (RSA)
servo:/tmp/cdtemp.laHoFb 0$ cat id_rsa.pub | ssh-keygen -l -f /dev/stdin
/dev/stdin is not a public key file.
servo:/tmp/cdtemp.laHoFb 1$
This bug has been reported upstream (bug 1477), but I thought it would
be prudent to report it here as well, as this is a feature I would
really like to see working.
jamie.
[0] https://bugzilla.mindrot.org/show_bug.cgi?id=1477
- -- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages openssh-client depends on:
ii adduser 3.110 add and remove users and groups
ii debconf [debconf-2.0] 1.5.24 Debian configuration management sy
ii dpkg 1.14.23 Debian package management system
ii libc6 2.7-16 GNU C Library: Shared libraries
ii libcomerr2 1.41.3-1 common error description library
ii libedit2 2.11~20080614-1 BSD editline and history libraries
ii libkrb53 1.6.dfsg.4~beta1-4 MIT Kerberos runtime libraries
ii libncurses5 5.6+20080830-2 shared libraries for terminal hand
ii libssl0.9.8 0.9.8g-14 SSL shared libraries
ii passwd 1:4.1.1-6 change and administer password and
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
Versions of packages openssh-client recommends:
ii openssh-blacklist 0.4.1 list of default blacklisted OpenSS
ii openssh-blacklist-extra 0.4.1 list of non-default blacklisted Op
ii xauth 1:1.0.3-2 X authentication utility
Versions of packages openssh-client suggests:
ii gtk-led-askpass [ssh-askpass 0.10-2 GTK+ password dialog suitable for
pn keychain <none> (no description available)
pn libpam-ssh <none> (no description available)
ii ssh-askpass 1:1.2.4.1-7 under X, asks user for a passphras
- -- no debconf information
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iQIcBAEBAgAGBQJJSXhKAAoJEO00zqvie6q8heQP/R0gJ8q9AOCSfQAzfOyrTrWv
hu0+kjNNg7SrgOqSKtbbAlc2EtEfG3T6FfoN0pJrWm6/D+OOb/NpDIKsaTa17sNd
koIMZlqzlJPcltb1f+M0xiLycFZZ0X61VVZqHtH8UcfKfYaMql5xZrRP54zaaBnp
VGnVnij5Ds9Lcd3TY7UHrTV8V7Wsr5Bb+TiLqW7j3XnsyVbEoMucNTM0WN/JUN1Z
sh8fDR2OG1mk24R2Fu1dtvdSYKwFGMdcXTpN9cdydU3i/R3pgRZwga5z10HL8bcJ
cQ66K1SGf7utNST10q5nKgvyv+Tg3RTRtPlXJuNwtYO9OREBeSLevAjcaprrBTGs
K7k7APcumoPU4R5tCslJQwwASPiH1Tr52AHDE0BR33ivieVdkZQOpe+PKssTLwKl
z8mCOBLJeyAcWDL/28QggG/l78x+wCxWffaQeGlL52P8tOmb228aiIrLbKVmx9EG
0B0UCq57ciosOt+vQbzmRJ07p2nerS91VW0eJ/Vp1Zu7HfyiIcnX0M/ncxf1gWAE
LEuaY/1/s0zbyLHTnFRrNLDe+zdZlashwTLPWasskfvFUakmkNInCa7Yd9CJlOft
Z2k02xzOxMuphryrTjOh1U1oJeunaqbiAaViR1ha2amPD7dXlfEuu06W9dNPHoh2
YKGJZjJaJuvKtx5bwk+g
=9huF
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Source: openssh
Source-Version: 1:7.2p1-1
We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 509058@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 08 Mar 2016 11:47:20 +0000
Source: openssh
Binary: openssh-client openssh-client-ssh1 openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source
Version: 1:7.2p1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
openssh-client - secure shell (SSH) client, for secure access to remote machines
openssh-client-ssh1 - secure shell (SSH) client for legacy SSH1 protocol
openssh-client-udeb - secure shell client for the Debian installer (udeb)
openssh-server - secure shell (SSH) server, for secure access from remote machines
openssh-server-udeb - secure shell server for the Debian installer (udeb)
openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
ssh - secure shell client and server (metapackage)
ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
ssh-krb5 - secure shell client and server (transitional package)
Closes: 509058 811125
Changes:
openssh (1:7.2p1-1) unstable; urgency=medium
.
* New upstream release (http://www.openssh.com/txt/release-7.2):
- This release disables a number of legacy cryptographic algorithms by
default in ssh:
+ Several ciphers blowfish-cbc, cast128-cbc, all arcfour variants and
the rijndael-cbc aliases for AES.
+ MD5-based and truncated HMAC algorithms.
These algorithms are already disabled by default in sshd.
- ssh(1), sshd(8): Remove unfinished and unused roaming code (was
already forcibly disabled in OpenSSH 7.1p2).
- ssh(1): Eliminate fallback from untrusted X11 forwarding to trusted
forwarding when the X server disables the SECURITY extension.
- ssh(1), sshd(8): Increase the minimum modulus size supported for
diffie-hellman-group-exchange to 2048 bits.
- sshd(8): Pre-auth sandboxing is now enabled by default (previous
releases enabled it for new installations via sshd_config).
- all: Add support for RSA signatures using SHA-256/512 hash algorithms
based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt.
- ssh(1): Add an AddKeysToAgent client option which can be set to 'yes',
'no', 'ask', or 'confirm', and defaults to 'no'. When enabled, a
private key that is used during authentication will be added to
ssh-agent if it is running (with confirmation enabled if set to
'confirm').
- sshd(8): Add a new authorized_keys option "restrict" that includes all
current and future key restrictions (no-*-forwarding, etc.). Also add
permissive versions of the existing restrictions, e.g. "no-pty" ->
"pty". This simplifies the task of setting up restricted keys and
ensures they are maximally-restricted, regardless of any permissions
we might implement in the future.
- ssh(1): Add ssh_config CertificateFile option to explicitly list
certificates.
- ssh-keygen(1): Allow ssh-keygen to change the key comment for all
supported formats (closes: #811125).
- ssh-keygen(1): Allow fingerprinting from standard input, e.g.
"ssh-keygen -lf -" (closes: #509058).
- ssh-keygen(1): Allow fingerprinting multiple public keys in a file,
e.g. "ssh-keygen -lf ~/.ssh/authorized_keys".
- sshd(8): Support "none" as an argument for sshd_config Foreground and
ChrootDirectory. Useful inside Match blocks to override a global
default.
- ssh-keygen(1): Support multiple certificates (one per line) and
reading from standard input (using "-f -") for "ssh-keygen -L"
- ssh-keyscan(1): Add "ssh-keyscan -c ..." flag to allow fetching
certificates instead of plain keys.
- ssh(1): Better handle anchored FQDNs (e.g. 'cvs.openbsd.org.') in
hostname canonicalisation - treat them as already canonical and remove
the trailing '.' before matching ssh_config.
- sftp(1): Existing destination directories should not terminate
recursive uploads (regression in OpenSSH 6.8; LP: #1553378).
* Use HTTPS for Vcs-* URLs, and link to cgit rather than gitweb.
* Restore slogin symlinks for compatibility, although they were removed
upstream.
Checksums-Sha1:
cf84d64c03d2125fe8afde34d41a9eb611998b58 2837 openssh_7.2p1-1.dsc
d30a6fd472199ab5838a7668c0c5fd885fb8d371 1499707 openssh_7.2p1.orig.tar.gz
4f1748ebf771840951a950a2f9f30f4770cb7b4e 149096 openssh_7.2p1-1.debian.tar.xz
Checksums-Sha256:
bf48023b9dc6ef343deceb641075ceb9d3c883dc2310f9c793355bdd8732692e 2837 openssh_7.2p1-1.dsc
973cc37b2f3597e4cf599b09e604e79c0fe5d9b6f595a24e91ed0662860b4ac3 1499707 openssh_7.2p1.orig.tar.gz
126f2caf91d9137e4b0a5d665ffa2d3c1a3ca2d8e91337bba92522ea103d2d00 149096 openssh_7.2p1-1.debian.tar.xz
Files:
eb5050ee831c1f34d5890a542af783d5 2837 net standard openssh_7.2p1-1.dsc
b984775f0cfff1f7ff18b8797fce8a28 1499707 net standard openssh_7.2p1.orig.tar.gz
fbac966761c2977d3a8e25f7832c8fbe 149096 net standard openssh_7.2p1-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer
iQIVAwUBVt68yjk1h9l9hlALAQgYRA/+PAMNeJ9qiC+olkTrsmwB5djEiZFCvDV7
dsjhrq+g0vmz1Yxtn6/3Yyp4iEjsjRiCGnm3HPgwzqv9CrUNAV2Z0HhoXfzC1Xbv
1s7R/qnBsrLFjcy1d0+ntCVljUnjx1Tcipw1JItlUGrWm7KFIblFro2lO6tA8wEu
Hbn1UJ9EdM9SKjficvwZokUKy/zMutIJtZFXRIo6Hft1V0wbFyRoQbMbVK/TD5z/
M1MgivJRyMKR71asA9yQlW1bO+wPYLT99N8Kqcsw6rPMvaLlt6us45K8fQC9Og5p
eEGkfMODd4XB10W2UzTxuhoLzRJxI4M1KLf9MfHow0u4qWcNEWd71Zg7Gr58hCCn
z9ISV+9LOyzUl++8DW5IwV2yMsc7CYSwhaOErLNIl6waQmLEB9Nfmp962pSENIly
6E+19wYYZja1RVKfpg39iqersl374Fduhj6M48I6TsamuTbv+9tm7kPM6P6bV+qm
7GvZ207Dyig3qWb51HNhjUEfDpkS7RXppzwqexVZJmTssLMl5zbD91M1z/aQMUJd
Klc0C5SdFcVSU82HjxSHQK9sqdgLKXs+/PlOo6es3D53pA0NwlwSJbSRFUYviOg9
GRUSKRe1xJU3f1Nr5oUS+JWx8C+NgFs4uJZ0rx2ZBZ8EKHMWMawaVbycuWiQxjTQ
Z8xrAWmd0kQ=
=IAsD
-----END PGP SIGNATURE-----
--- End Message ---