Bug 1544

Summary:

ssh-keygen -l on known_hosts file does not display hostnames for lines with comments

Product:

Portable OpenSSH

Reporter:

Jameson Rollins <ssh-bugzilla>

Component:

ssh-keygen

Assignee:

Assigned to nobody <unassigned-bugs>

Status:

CLOSED WONTFIX

Severity:

minor

CC:

djm, ssh-bugzilla

Priority:

Version:

5.1p1

Hardware:

Other

OS:

Linux

Bug Depends on:

1319

Bug Blocks:

Attachments:

Description	Flags
output of ssh-keygen -l on known_hosts file with comments	none
bz1544.diff	none

Description Jameson Rollins 2008-12-19 03:44:56 AEDT

Created attachment 1588 [details]
output of ssh-keygen -l on known_hosts file with comments

I am encountering a small bug when using ssh-keygen -l with
known_hosts files.  For lines that have comments, the hostname is not
diplayed in the ssh-keygen -l output.  Please see the attachment for a demonstration of the effect.

As you can see in the last command in the attachment, the hostname is not present in the display, although the comment is.

The monkeysphere [0] program uses the comment field in known_hosts files,
so this may present a problem for users of that program.

Thanks for the help.

[0] http://web.monkeysphere.info/

Comment 1 Damien Miller 2009-01-21 21:48:15 AEDT

I'm pretty sure that key comments in known_hosts files have only worked "by accident" before. That being said, we should try to preserve them...

Comment 2 Damien Miller 2010-08-03 15:40:50 AEST

We are freezing for the OpenSSH 5.6 release. Retargetting these bugs to the next release.

Comment 3 Damien Miller 2010-08-03 15:42:26 AEST

Targetting OpenSSH 5.7

Comment 4 Damien Miller 2011-01-24 12:30:47 AEDT

Retarget unclosed bugs from 5.7=>5.8

Comment 5 Damien Miller 2011-09-06 10:34:13 AEST

Retarget unresolved bugs/features to 6.0 release

Comment 6 Damien Miller 2011-09-06 10:36:26 AEST

Retarget unresolved bugs/features to 6.0 release

Comment 7 Damien Miller 2011-09-06 10:39:00 AEST

Retarget unresolved bugs/features to 6.0 release

(try again - bugzilla's "change several" isn't)

Comment 8 Damien Miller 2011-11-04 10:42:11 AEDT

Created attachment 2102 [details]
bz1544.diff

prefer hostnames to comments when printing fingerprints on known_hosts

Comment 9 Damien Miller 2011-11-04 10:54:31 AEDT

This is tricky, because ssh-keygen -l has to support both known_hosts and authorized_keys and there are no cheap heuristics to discern between them.

Comment 10 Damien Miller 2011-12-02 12:19:58 AEDT

The last patch is wrong, bug #1323 discusses the complexity of this in more detail.

Comment 11 Damien Miller 2011-12-02 12:59:37 AEDT

oops, I meant bug #1319

Comment 12 Damien Miller 2012-02-24 10:34:20 AEDT

Retarget from 6.0 to 6.1

Comment 13 Damien Miller 2012-02-24 10:37:59 AEDT

Retarget 6.0 => 6.1

Comment 14 Damien Miller 2012-09-07 11:37:51 AEST

Retarget uncompleted bugs from 6.1 => 6.2

Comment 15 Damien Miller 2012-09-07 11:40:19 AEST

Retarget bugs from 6.1 => 6.2

Comment 16 Damien Miller 2013-03-08 10:23:26 AEDT

retarget to openssh-6.3

Comment 17 Damien Miller 2013-07-25 12:17:33 AEST

Retarget to openssh-6.4

Comment 18 Damien Miller 2013-07-25 12:20:30 AEST

Retarget 6.3 -> 6.4

Comment 19 Damien Miller 2014-02-06 10:17:48 AEDT

Retarget incomplete bugs / feature requests to 6.6 release

Comment 20 Damien Miller 2014-02-06 10:19:40 AEDT

Retarget incomplete bugs / feature requests to 6.6 release

Comment 21 Damien Miller 2014-04-12 14:49:06 AEST

Retarget to 6.7 release, since 6.6 was mostly bugfixing.

Comment 22 Damien Miller 2014-04-12 14:55:01 AEST

Remove from 6.6 tracking bug

Comment 23 Damien Miller 2014-07-07 18:08:36 AEST

Remove from 6.7 blocker list. I'm not sure yet sure how to do this reliably

Comment 24 Damien Miller 2015-01-21 12:36:30 AEDT

HEAD now displays the comment when one is present in known_hosts, but at the cost of not displaying the hostname. I'm not sure whether this is an improvement or a regression :/

Comment 25 Jameson Rollins 2015-01-23 09:22:10 AEDT

(In reply to Damien Miller from comment #24)
> HEAD now displays the comment when one is present in known_hosts,
> but at the cost of not displaying the hostname. I'm not sure whether
> this is an improvement or a regression :/

Hi, Damien.  I'm confused by this, since what you're saying the "HEAD now displays" is exactly the same broken output that is the subject of this report.  So as far as I can tell it's not an improvement or a regression but is in fact the exact same brokenness.

Am I missing something?

Comment 26 Damien Miller 2015-11-17 11:24:40 AEDT

This is now implemented in HEAD, supporting RSA1 private keys, v2 public keys, authorized_keys, known_hosts and allowing ssh-keygen -lf- to read from stdin.

https://anongit.mindrot.org/openssh.git/commit/?id=c56a255162c2166884539c0a1f7511575325b477

It will be in the forthmcoming openssh-7.2 release

Comment 27 Damien Miller 2015-11-17 11:26:44 AEDT

oops, that message was meant for bug 1319. However, that commit does change the behaviour to ignore comments following public keys that are prefixed with '#' characters.

Comment 28 Damien Miller 2019-01-23 19:24:21 AEDT

I don't think further progress is really possible here - "ssh-keygen -l" has to support both known_hosts and authorized_keys files, and the default case for known_hosts has no comments.

I'd suggest the workaround I mentioned in 26: if you prefix your comments with '#' characters then ssh-keygen will ignore them.

Feel free to reopen if you have a better idea

Comment 29 Damien Miller 2019-05-03 14:42:36 AEST

Move resolved bugs -> CLOSED after 8.0 release