Package: openssh-client
Version: 1:6.7p1-5
Severity: normal
Dear Maintainer,
The openssh client included with Debian 8 is overly sensitive to the
extra intervening whitespace characters between the key type and the
value in the known_hosts file.
To me, this is a known problem for *this* version of openssh.
An older version (6.1p1, release 11.fc18, included with Fedora Core
18) did not have this problem.
The version that comes with Debian 7 (1:6.0p1-4+deb7u2) did not have
this issue as well.
For example, consider this entry in ~/.ssh/known_hosts:
192.168.0.120 ecdsa-sha2-nistp256 AAAAE2Vj...=
Here, 192.168.0.120 is the IP address or hostname (doesn't matter; the
failure does not pertain that).
The ecdsa-sha2-nistp256 is the type of the host public key, and
AAAAE2Vj...= represents the value of the key.
That entry works fine.
If I add an extra whitespace between the IP address and the key type,
it still works fine:
192.168.0.120 ecdsa-sha2-nistp256 AAAAE2Vj...=
But if I add the extra whitespace after the word
"ecdsa-sha2-nistp256", then the host key matching fails.
192.168.0.120 ecdsa-sha2-nistp256 AAAAE2Vj...=
The 'ssh -vvv 192.168.0.120' will print, among others,
debug3: load_hostkeys: loading entries for host "192.168.0.120"
from file "/home/user/.ssh/known_hosts"
debug3: load_hostkeys: loaded 0 keys
So it failed to load the key for some reason.
This is an unwanted behavior, as I tend to keep ~/.ssh/known_hosts in
a column-aligned fashion, which means I introduce extra whitespaces
everywhere between items.
A cursory look into the source code tracks the possible error here
(in file:function format):
- hostfile.c:hostfile_read_key
- key.c:key_read
- sshkey.c:sshkey_read
It looks like the bug is in the last function.
Thanks,
Wirawan
-- System Information:
Debian Release: 8.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages openssh-client depends on:
ii adduser 3.113+nmu3
ii dpkg 1.17.25
ii libc6 2.19-18
ii libedit2 3.1-20140620-2
ii libgssapi-krb5-2 1.12.1+dfsg-19
ii libselinux1 2.3-2
ii libssl1.0.0 1.0.1k-3+deb8u1
ii passwd 1:4.2-3
ii zlib1g 1:1.2.8.dfsg-2+b1
Versions of packages openssh-client recommends:
ii xauth 1:1.0.9-1
Versions of packages openssh-client suggests:
pn keychain <none>
pn libpam-ssh <none>
pn monkeysphere <none>
pn ssh-askpass <none>
-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
