Bug 2239

Summary:

ssh-keygen cannot handle Linux with 64 char long hostname

Product:

Portable OpenSSH

Reporter:

Milos Vyletel <milos.vyletel>

Component:

ssh-keygen

Assignee:

Damien Miller <djm>

Status:

CLOSED FIXED

Severity:

minor

CC:

djm, milos.vyletel

Priority:

Version:

6.6p1

Hardware:

All

OS:

Linux

Bug Depends on:

Bug Blocks:

2226

Attachments:

Description	Flags
patch	none
use NI_MAXHOST instead of HOSTNAMELEN	none

Description Milos Vyletel 2014-05-07 04:08:01 AEST

Created attachment 2434 [details]
patch

I've tried to set set hostname on my linux box to 64 characters which is the maximum supported by Linux. This works fine but breaks ssh-keygen (and possibly other openssh tools) because Linux sets MAXHOSTNAMELEN to 64 which does not account for trailing zero.

I've tested this on 
OEL 6.5 (2.6.32-431.3.1.el6 kernel) and openssh-5.3p1-94.el6.x86_64
OEL 6.5 (2.6.32-431.3.1.el6 kernel) and OpenSSH_6.6p1
Fedora 20 (3.15.0-rc2+ kernel) and openssh-6.4p1-3.fc20.x86_64

The above root cause seems like a intentional design decision in Linux kernel. Unlike OpenBSD where MAXHOSTNAMELEN is _POSIX_HOST_NAME_MAX + trailing zero

/usr/include/limits.h:#define _POSIX_HOST_NAME_MAX      255
/usr/include/sys/param.h:#define MAXHOSTNAMELEN 256             /* max hostname size */

in Linux they are same and is up to program to reserve enough space
/usr/include/bits/local_lim.h:#define HOST_NAME_MAX             64
/usr/include/asm-generic/param.h:#define MAXHOSTNAMELEN 64      /* max length of hostname */

Here's reproduction

$ hostname
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
$ hostname | wc -c
65

OEL 6.5
$ rpm -qf $(which ssh-keygen)
openssh-5.3p1-94.el6.x86_64
$ ssh-keygen -t rsa
gethostname: File name too long
$

Fedora 20
$ rpm -qf $(which ssh-keygen)
openssh-6.4p1-3.fc20.x86_64
$ ssh-keygen -t rsa
gethostname: File name too long
$

OEL 6.5 + attached patch
$ ./ssh -V
OpenSSH_6.6p1, OpenSSL 1.0.1e-fips 11 Feb 2013
$ ./ssh-keygen -t ecdsa
Generating public/private ecdsa key pair.
Enter file in which to save the key (/PATH/.ssh/id_ecdsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /PATH/.ssh/id_ecdsa.
Your public key has been saved in /PATH/.ssh/id_ecdsa.pub.
The key fingerprint is:
92:d7:3d:a3:7d:76:1e:c6:39:be:8c:91:d8:32:36:f9 mv@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
The key's randomart image is:
+--[ECDSA  256]---+
|                 |
|                 |
|                 |
|       . . .     |
|      o S . +    |
|       o   o+oo .|
|          .B.+o*.|
|          . =o*oo|
|             E +o|
+-----------------+

If you need any additional info please let me know. Attached is a proposed patch that would redefine MAXHOSTNAMELEN on Linux to 65.

Comment 1 Damien Miller 2014-07-03 13:03:02 AEST

Created attachment 2448 [details]
use NI_MAXHOST instead of HOSTNAMELEN

I think we should just standardise on using strings of length NI_MAXHOST for hostnames. We do in about 1/2 the cases already.

Comment 2 Damien Miller 2014-07-03 13:34:38 AEST

patch applied, will be in openssh-6.7. Thanks!

Comment 3 Damien Miller 2014-10-08 08:00:41 AEDT

Close all bugs left open from 6.6 and 6.7 releases.