Bug 1784

Summary: ssh-keygen fails to create .ssh directory when filename of key file contains multiple slashes
Product: Portable OpenSSH Reporter: B S Srinidhi <srinidhi.bs>
Component: ssh-keygenAssignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED WONTFIX    
Severity: normal CC: djm
Priority: P2    
Version: 5.2p1   
Hardware: All   
OS: Linux   

Description B S Srinidhi 2010-06-20 05:23:10 AEST 
In Linux, multiple slashes in the file path have the same effect as a single slash character. For example, "/home//foo/" is the same as "/home/foo/". ssh-keygen doesn't work with filenames containing multiple slashes.

Behavior of ssh-keygen With double slashes:

# su - foo -c "ssh-keygen -t rsa -f /home/foo//.ssh/id_rsa -N ''"
Generating public/private rsa key pair.
open /home/foo//.ssh/id_rsa failed: No such file or directory.
Saving the key failed: /home/foo//.ssh/id_rsa.

# su - foo -c "ssh-keygen -t rsa -f /home/foo/.ssh/id_rsa -N ''"
Generating public/private rsa key pair.
Created directory '/home/foo/.ssh'.
Your identification has been saved in /home/foo/.ssh/id_rsa.
Your public key has been saved in /home/foo/.ssh/id_rsa.pub.
The key fingerprint is:
3a:1b:5a:af:3a:0a:f4:32:da:87:a9:e6:98:b0:d4:87 foo@toruk
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|                 |
|                 |
|                 |
| .      S        |
|. o .  .         |
|o+ E .=          |
|=*= +o =         |
|Ooooooo..        |
+-----------------+

# getent passwd foo
foo:x:1004:100::/home/foo:/bin/bash

# ssh -V
OpenSSH_5.2p1, OpenSSL 0.9.8k 25 Mar 2009

I have also seen the same behavior with OpenSSH_4.2p1.
Comment 1 B S Srinidhi 2010-06-20 05:45:42 AEST 
It looks like the following code snippet might be the cause:

 1896:        /* Create ~/.ssh directory if it doesn't already exist. */
 1897:        snprintf(dotsshdir, sizeof dotsshdir, "%s/%s",
 1898:            pw->pw_dir, _PATH_SSH_USER_DIR);
 1899:        if (strstr(identity_file, dotsshdir) != NULL) {

From: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh-keygen.c?annotate=1.190

dotsshdir is expected to be a substring of identity_file. I think before
calling strstr() on the 2 strings, identity_file should be canonicalized
- either by realpath() or canonicalize_file_name()

On the same note, ssh-keygen will fail if the identity_file contains a relative path:

# su - foo -c "ssh-keygen -t rsa -f /home/foo/bin/../.ssh/id_rsa -N ''"
Generating public/private rsa key pair.
open /home/foo/bin/../.ssh/id_rsa failed: No such file or directory.
Saving the key failed: /home/foo/bin/../.ssh/id_rsa.
Comment 2 Damien Miller 2010-06-20 08:23:05 AEST 
If you are explicitly passing a path to ssh-keygen then don't count on it to create the directory components for you. I don't think this is worth complicating our code to fix.
Comment 3 Damien Miller 2011-01-24 12:33:47 AEDT 
Move resolved bugs to CLOSED after 5.7 release