Created attachment 1588 output of ssh-keygen -l on known_hosts file with comments I am encountering a small bug when using ssh-keygen -l with known_hosts files. For lines that have comments, the hostname is not displayed in the ssh-keygen -l output. Please see the attachment for a demonstration of the effect. As you can see in the last command in the attachment, the hostname is not present in the display, although the comment is. The monkeysphere [0] program uses the comment field in known_hosts files, so this may present a problem for users of that program. Thanks for the help. [0] http://web.monkeysphere.info/
I'm pretty sure that key comments in known_hosts files have only worked "by accident" before. That being said, we should try to preserve them...
We are freezing for the OpenSSH 5.6 release. Retargeting these bugs to the next release.
Targeting OpenSSH 5.7
Retarget unclosed bugs from 5.7=>5.8
Retarget unresolved bugs/features to 6.0 release
Retarget unresolved bugs/features to 6.0 release (try again - bugzilla's "change several" isn't)
Created attachment 2102 bz1544.diff prefer hostnames to comments when printing fingerprints on known_hosts
This is tricky, because ssh-keygen -l has to support both known_hosts and authorized_keys and there are no cheap heuristics to discern between them.
The last patch is wrong, bug #1323 discusses the complexity of this in more detail.
oops, I meant bug #1319
Retarget from 6.0 to 6.1
Retarget 6.0 => 6.1
Retarget uncompleted bugs from 6.1 => 6.2
Retarget bugs from 6.1 => 6.2
retarget to openssh-6.3
Retarget to openssh-6.4
Retarget 6.3 -> 6.4
Retarget incomplete bugs / feature requests to 6.6 release
Retarget to 6.7 release, since 6.6 was mostly bugfixing.
Remove from 6.6 tracking bug
Remove from 6.7 blocker list. I'm not yet sure how to do this reliably.
HEAD now displays the comment when one is present in known_hosts, but at the cost of not displaying the hostname. I'm not sure whether this is an improvement or a regression :/
(In reply to Damien Miller from comment #24)
> HEAD now displays the comment when one is present in known_hosts,
> but at the cost of not displaying the hostname. I'm not sure whether
> this is an improvement or a regression :/
Hi, Damien. I'm confused by this, since what you're saying the "HEAD now displays" is exactly the same broken output that is the subject of this report. So as far as I can tell it's not an improvement or a regression but is in fact the exact same brokenness. Am I missing something?
This is now implemented in HEAD, supporting RSA1 private keys, v2 public keys, authorized_keys, known_hosts and allowing ssh-keygen -lf- to read from stdin. https://anongit.mindrot.org/openssh.git/commit/?id=c56a255162c2166884539c0a1f7511575325b477 It will be in the forthcoming openssh-7.2 release.
oops, that message was meant for bug 1319. However, that commit does change the behaviour to ignore comments following public keys that are prefixed with '#' characters.
I don't think further progress is really possible here - "ssh-keygen -l" has to support both known_hosts and authorized_keys files, and the default case for known_hosts has no comments. I'd suggest the workaround I mentioned in 26: if you prefix your comments with '#' characters then ssh-keygen will ignore them. Feel free to reopen if you have a better idea.
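Added illustration, not part of the thread and not OpenSSH's code: a small Python parser showing why a known_hosts line with a comment and an authorized_keys line with options have the same shape, and how a '#'-prefixed comment changes what gets shown. The sample lines, the `fake_blob` filler key and the `display_label` fallback to the prefix field are constructed assumptions.

```python
import base64
import binascii
import struct

KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256")

def fake_blob(keytype):
    """Constructed sample blob (not a real key): SSH string(keytype) + filler."""
    t = keytype.encode()
    return base64.b64encode(struct.pack(">I", len(t)) + t + b"\0" * 32).decode()

def is_key_blob(keytype, b64):
    """True if b64 decodes to a blob whose leading SSH string equals keytype."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        return False
    if len(raw) < 4:
        return False
    (n,) = struct.unpack(">I", raw[:4])
    return raw[4:4 + n] == keytype.encode()

def split_key_line(line):
    """Return (prefix, keytype, comment), or None if no key is found.

    prefix is whatever precedes the key type: hostnames in known_hosts,
    options in authorized_keys. Nothing in the line says which it is.
    A trailing comment that starts with '#' is dropped (the workaround).
    """
    fields = line.split()
    for i in range(len(fields) - 1):
        if fields[i] in KEY_TYPES and is_key_blob(fields[i], fields[i + 1]):
            rest = " ".join(fields[i + 2:])
            comment = None if not rest or rest.startswith("#") else rest
            return " ".join(fields[:i]), fields[i], comment
    return None

def display_label(line):
    """Model of the thread's behaviour: comment wins, else the prefix (assumption)."""
    prefix, _keytype, comment = split_key_line(line)
    return comment or prefix

B = fake_blob("ssh-ed25519")  # constructed inputs below, not real entries
KNOWN_HOSTS = f"host.example.org ssh-ed25519 {B} note-about-host"
KNOWN_HOSTS_HASH = f"host.example.org ssh-ed25519 {B} # note about host"
AUTHORIZED = f'no-pty,command="/bin/true" ssh-ed25519 {B} user@laptop'

if __name__ == "__main__":
    for sample in (KNOWN_HOSTS, KNOWN_HOSTS_HASH, AUTHORIZED):
        print(split_key_line(sample), "->", display_label(sample))
```
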
Move resolved bugs -> CLOSED after 8.0 release