Bug 2325

Summary: excessive and unquietable stderr chatter
Product: Portable OpenSSH
Reporter: Josh Kupershmidt <schmiddy>
Component: ssh-keygen
Assignee: Damien Miller <djm>
Status: CLOSED FIXED
Severity: minor
CC: djm, dtucker
Priority: P5    
Version: -current   
Hardware: All   
OS: All   
Bug Depends on:    
Bug Blocks: 2360    
Attachments:
convert ssh-keygen to logit/error/fatal (flags: dtucker: ok+)

Description Josh Kupershmidt 2014-12-06 03:04:17 AEDT
I maintain some code (using cronic, see http://habilis.net/cronic/ ) which is sensitive to any noise generated on stderr, treating it as a possible error. One culprit causing false alarms is ssh-keygen, which generates these two messages from around line 1245 of ssh-keygen.c:

fprintf(stderr, "%s updated.\n", identity_file);
fprintf(stderr, "Original contents retained as %s\n", old);

I believe such use of stderr is inconsistent not only with generally accepted use of stderr elsewhere, but with the rest of the OpenSSH codebase. Other non-error messages in that file (e.g. "%s: generating new host keys: ") seem fine with being sent to stdout, and similar diagnostic messages in that file also respect the "quiet" flag, which I would find helpful.

I noticed some other inconsistencies in ssh-keygen.c as well. For example, this bit (line 888) surely should go to stderr instead of stdout:

if (invalid) {
        printf("%s is not a public key file.\n", identity_file);
        exit(1);
}

Comment 1 Damien Miller 2015-04-17 16:28:57 AEST
Created attachment 2593
convert ssh-keygen to logit/error/fatal

This converts the stderr message you mentioned to stdout, and switches most stderr messages over to logit/error/fatal.

Comment 2 Damien Miller 2015-04-17 23:19:37 AEST
patch applied - this will be in openssh-6.9

Comment 3 Damien Miller 2015-08-11 23:03:50 AEST
Set all RESOLVED bugs to CLOSED with release of OpenSSH 7.1