On Wed, 22 May 2019, Mark Lumsden wrote:
Date: Wed, 22 May 2019 18:49:23 +0000 (UTC)
From: Mark Lumsden <c...@sdf.org>
To: tech@openbsd.org
Subject: ssh-keygen: interactive comment change
I used the -C command line option of ssh-keygen to change the comment of a
public key and got confused with the output. For example, if the original
comment was 'mark@home', this is what would happen trying to amend the
comment to 'mark@work' via -C:
$ ssh-keygen -f test_rsa -c -C mark@work
Key now has comment 'mark@home'
The comment in your key file has been changed.
$
The line "Key now has comment 'mark@home'" suggested to me that the comment
had been changed to 'mark@home'. But that's not really a change. However, the
comment had actually changed in the .pub file. It looks like the wording has
been designed to work without the -C option and _only_ the -c option:
$ ssh-keygen -f test_rsa -c
Key now has comment 'mark@home'
Enter new comment: mark@work
The comment in your key file has been changed.
$
Everything becomes clear when you run the command interactively via -c only.
The diff below attempts to make the wording make sense whichever way you try
to change a comment on a .pub file:
$ ssh-keygen -f test_rsa -c
Old comment: mark@home
New comment: mark@work
Comment 'mark@work' applied
$
$ ssh-keygen -f test_rsa -c -C mark@work
Old comment: mark@home
Comment 'mark@work' applied
$
It also compares the old and new comments and informs if there is no change:
$ ssh-keygen -f test_rsa -c -C mark@home
Old comment: mark@home
No change to comment
$
$ ssh-keygen -f test_rsa -c
Old comment: mark@work
New comment: mark@work
No change to comment
$
ok?
Mark
Here is a better diff.
It doesn't say that the public key has been written, until it has
actually been written.
If there is no change detected in the old and new comments, it doesn't try
and write anything, just cleans up and exits.
Index: ssh-keygen.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/ssh-keygen.c,v
retrieving revision 1.329
diff -u -p -u -p -r1.329 ssh-keygen.c
--- ssh-keygen.c 25 Mar 2019 16:19:44 -0000 1.329
+++ ssh-keygen.c 22 May 2019 19:40:49 -0000
@@ -1466,15 +1466,15 @@ do_change_comment(struct passwd *pw, con
sshkey_free(private);
exit(1);
}
- if (comment)
- printf("Key now has comment '%s'\n", comment);
+ if (strlen(comment) > 0)
+ printf("Old comment: %s\n", comment);
else
- printf("Key now has no comment\n");
+ printf("No existing comment\n");
if (identity_comment) {
strlcpy(new_comment, identity_comment, sizeof(new_comment));
} else {
- printf("Enter new comment: ");
+ printf("New comment: ");
fflush(stdout);
if (!fgets(new_comment, sizeof(new_comment), stdin)) {
explicit_bzero(passphrase, strlen(passphrase));
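Review bot: the new `if (strlen(comment) > 0)` drops the NULL guard that the removed `if (comment)` provided; if sshkey_load_private can leave `comment` NULL for a key with no stored comment (which the old check implies), strlen dereferences a null pointer. Suggest `if (comment != NULL && *comment != '\0')`, and carry the same guard into the later strcmp.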
@@ -1483,6 +1483,13 @@ do_change_comment(struct passwd *pw, con
}
new_comment[strcspn(new_comment, "\n")] = '\0';
}
+ if (strcmp(comment, new_comment) == 0) {
+ printf("No change to comment\n");
+ free(passphrase);
+ sshkey_free(private);
+ free(comment);
+ exit(0);
+ }
/* Save the file using the new passphrase. */
if ((r = sshkey_save_private(private, identity_file, passphrase,
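Review bot: the added no-change exit frees `passphrase` without zeroing it, while the existing fgets failure path just above this hunk calls `explicit_bzero(passphrase, strlen(passphrase))` before cleanup; add the same explicit_bzero before `free(passphrase)` so the passphrase does not remain in freed heap memory. The `strcmp(comment, new_comment)` also inherits the NULL concern raised on the first hunk.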
@@ -1514,9 +1521,13 @@ do_change_comment(struct passwd *pw, con
fprintf(f, " %s\n", new_comment);
fclose(f);
+ if (strlen(new_comment) > 0)
+ printf("Comment '%s' applied\n", new_comment);
+ else
+ printf("Comment removed\n");
+
free(comment);
- printf("The comment in your key file has been changed.\n");
exit(0);
}
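Review bot: style point: the bare `+` line adds a trailing blank line before `free(comment)` that the surrounding code does not use; drop it. The `strlen(new_comment) > 0` test can be written `*new_comment != '\0'` for consistency with the first hunk. Logic looks right: since the no-change exit fires when both comments are empty, the "Comment removed" branch is only reached when a non-empty comment was actually cleared.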