Package: openssh-client
Version: 1:5.1p1-4
Severity: normal

ssh-keygen -R is currently removing all comments from the known_hosts file it's processing. Below is an example of ssh-keygen -R being run on a test known_host file:

servo:/tmp/cdtemp.mgJxDc 0$ cat known_hosts
example1.server.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0pZPJyb1TA+ykjXRO6VuieYxMNexgE1WEhvBHnOvPAI4u/N65BMp+QE9MO6m6gQdwcqy3d8jQM/FiJhuyk4RyBOCqyuPkQpHVsjQYn1qLbjhfgKnkqfW2ZtZOfyB9TuXt8maXTbHYELOYIQ06CcXyp4n6iZnhMtHC/+8zNgqOMOuSe2QuPMN9oDBZTdJhcWCfIPT9N4T0QlbZ3t2j75UhVd2qNhwDnb+LqWXbbToSd8c8npYgu7QKnazQY+I4IKv2cdfMhQfO/zTm0nlov471rScVf9hRiiWUypmOtH0yMiK7lPp7ppzuuDMlUOxSmMRxnd65rbXnEcEsceY5oXf9 foo
example2.server.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0pZPJyb1TA+ykjXRO6VuieYxMNexgE1WEhvBHnOvPAI4u/N65BMp+QE9MO6m6gQdwcqy3d8jQM/FiJhuyk4RyBOCqyuPkQpHVsjQYn1qLbjhfgKnkqfW2ZtZOfyB9TuXt8maXTbHYELOYIQ06CcXyp4n6iZnhMtHC/+8zNgqOMOuSe2QuPMN9oDBZTdJhcWCfIPT9N4T0QlbZ3t2j75UhVd2qNhwDnb+LqWXbbToSd8c8npYgu7QKnazQY+I4IKv2cdfMhQfO/zTm0nlov471rScVf9hRiiWUypmOtH0yMiK7lPp7ppzuuDMlUOxSmMRxnd65rbXnEcEsceY5oXf9 bar
servo:/tmp/cdtemp.mgJxDc 0$ ssh-keygen -R example1.server.net -f ./known_hosts
./known_hosts updated.
Original contents retained as ./known_hosts.old
servo:/tmp/cdtemp.mgJxDc 0$ cat known_hosts
example2.server.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0pZPJyb1TA+ykjXRO6VuieYxMNexgE1WEhvBHnOvPAI4u/N65BMp+QE9MO6m6gQdwcqy3d8jQM/FiJhuyk4RyBOCqyuPkQpHVsjQYn1qLbjhfgKnkqfW2ZtZOfyB9TuXt8maXTbHYELOYIQ06CcXyp4n6iZnhMtHC/+8zNgqOMOuSe2QuPMN9oDBZTdJhcWCfIPT9N4T0QlbZ3t2j75UhVd2qNhwDnb+LqWXbbToSd8c8npYgu7QKnazQY+I4IKv2cdfMhQfO/zTm0nlov471rScVf9hRiiWUypmOtH0yMiK7lPp7ppzuuDMlUOxSmMRxnd65rbXnEcEsceY5oXf9
servo:/tmp/cdtemp.mgJxDc 0$

Notice that the command is to remove example1.server.net from the file, but the comment on example2.server.net is removed in the process.

This also happens when nothing is removed from the file at all:

servo:/tmp/cdtemp.mgJxDc 0$ cat known_hosts
example2.server.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0pZPJyb1TA+ykjXRO6VuieYxMNexgE1WEhvBHnOvPAI4u/N65BMp+QE9MO6m6gQdwcqy3d8jQM/FiJhuyk4RyBOCqyuPkQpHVsjQYn1qLbjhfgKnkqfW2ZtZOfyB9TuXt8maXTbHYELOYIQ06CcXyp4n6iZnhMtHC/+8zNgqOMOuSe2QuPMN9oDBZTdJhcWCfIPT9N4T0QlbZ3t2j75UhVd2qNhwDnb+LqWXbbToSd8c8npYgu7QKnazQY+I4IKv2cdfMhQfO/zTm0nlov471rScVf9hRiiWUypmOtH0yMiK7lPp7ppzuuDMlUOxSmMRxnd65rbXnEcEsceY5oXf9 bar
servo:/tmp/cdtemp.mgJxDc 0$ ssh-keygen -R example.server.net -f ./known_hosts
./known_hosts updated.
Original contents retained as ./known_hosts.old
servo:/tmp/cdtemp.mgJxDc 0$ cat known_hosts
example2.server.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0pZPJyb1TA+ykjXRO6VuieYxMNexgE1WEhvBHnOvPAI4u/N65BMp+QE9MO6m6gQdwcqy3d8jQM/FiJhuyk4RyBOCqyuPkQpHVsjQYn1qLbjhfgKnkqfW2ZtZOfyB9TuXt8maXTbHYELOYIQ06CcXyp4n6iZnhMtHC/+8zNgqOMOuSe2QuPMN9oDBZTdJhcWCfIPT9N4T0QlbZ3t2j75UhVd2qNhwDnb+LqWXbbToSd8c8npYgu7QKnazQY+I4IKv2cdfMhQfO/zTm0nlov471rScVf9hRiiWUypmOtH0yMiK7lPp7ppzuuDMlUOxSmMRxnd65rbXnEcEsceY5oXf9
servo:/tmp/cdtemp.mgJxDc 0$

Again, an attempt was made to remove a host *other* than example2.server.net, but the net result was that *all* comments were removed from the file, this time even though nothing else was removed.

I did not want to make this bug grave, since it's really not, but it does involve data loss, which could be very problematic for programs that need to use known_host comments.

Thanks for the help.

jamie.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssh-client depends on:
ii  adduser                3.110               add and remove users and groups
ii  debconf [debconf-2.0]  1.5.24              Debian configuration management sy
ii  dpkg                   1.14.23             Debian package management system
ii  libc6                  2.7-16              GNU C Library: Shared libraries
ii  libcomerr2             1.41.3-1            common error description library
ii  libedit2               2.11~20080614-1     BSD editline and history libraries
ii  libkrb53               1.6.dfsg.4~beta1-4  MIT Kerberos runtime libraries
ii  libncurses5            5.6+20080830-2      shared libraries for terminal hand
ii  libssl0.9.8            0.9.8g-14           SSL shared libraries
ii  passwd                 1:4.1.1-6           change and administer password and
ii  zlib1g                 1:1.2.3.3.dfsg-12   compression library - runtime

Versions of packages openssh-client recommends:
ii  openssh-blacklist        0.4.1      list of default blacklisted OpenSS
ii  openssh-blacklist-extra  0.4.1      list of non-default blacklisted Op
ii  xauth                    1:1.0.3-2  X authentication utility

Versions of packages openssh-client suggests:
ii  gtk-led-askpass [ssh-askpass  0.10-2      GTK+ password dialog suitable for
pn  keychain                      <none>      (no description available)
pn  libpam-ssh                    <none>      (no description available)
ii  ssh-askpass                   1:1.2.4.1-7 under X, asks user for a passphras

-- no debconf information
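
Added example, not part of the original report and not OpenSSH code: because ssh-keygen -R keeps the previous file as known_hosts.old, the stripped comments can be put back by matching entries between the two files. The function names and the shortened key strings are constructed for illustration; it assumes the host field is unchanged between the files (no re-hashing with -H).

```python
def parse_entry(line):
    """Return ((marker, hosts, keytype, key), comment) or None.

    None is returned for blank lines, '#' lines and malformed lines.
    """
    text = line.strip()
    if not text or text.startswith("#"):
        return None
    marker = ""
    if text.startswith("@"):              # e.g. @cert-authority, @revoked
        parts = text.split(None, 1)
        if len(parts) < 2:
            return None
        marker, text = parts
    fields = text.split(None, 3)          # hosts, keytype, key, [comment]
    if len(fields) < 3:
        return None
    comment = fields[3] if len(fields) == 4 else ""
    return (marker, fields[0], fields[1], fields[2]), comment


def restore_comments(old_text, new_text):
    """Re-attach comments from the .old backup to matching entries.

    Matching uses hosts + key type + key, not the key alone: in the report
    both hosts share one key but carry different comments.
    Returns (restored_text, number_of_comments_restored).
    """
    saved = {}
    for line in old_text.splitlines():
        entry = parse_entry(line)
        if entry and entry[1]:
            saved[entry[0]] = entry[1]
    out, restored = [], 0
    for line in new_text.splitlines():
        entry = parse_entry(line)
        if entry and not entry[1] and entry[0] in saved:
            line = line.rstrip() + " " + saved[entry[0]]
            restored += 1
        out.append(line)
    return "\n".join(out) + "\n", restored


# Constructed sample data mirroring the report (keys shortened, not real).
OLD = ("example1.server.net ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTED foo\n"
       "example2.server.net ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTED bar\n")
NEW = "example2.server.net ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTED\n"

if __name__ == "__main__":
    text, count = restore_comments(OLD, NEW)
    print(count, "comment(s) restored")
    print(text, end="")
```
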