Bug 2239 - ssh-keygen cannot handle Linux with 64 char long hostname
Summary: ssh-keygen cannot handle Linux with 64 char long hostname
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh-keygen (show other bugs)
Version: 6.6p1
Hardware: All Linux
: P5 minor
Assignee: Damien Miller
URL:
Keywords:
Depends on:
Blocks: V_6_7
  Show dependency treegraph
 
Reported: 2014-05-07 04:08 AEST by Milos Vyletel
Modified: 2014-10-08 08:00 AEDT (History)
2 users (show)

See Also:

Attachments
patch (507 bytes, patch)
2014-05-07 04:08 AEST, Milos Vyletel 		no flags Details | Diff
use NI_MAXHOST instead of HOSTNAMELEN (1.42 KB, patch)
2014-07-03 13:03 AEST, Damien Miller 		no flags Details | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Milos Vyletel 2014-05-07 04:08:01 AEST 
Created attachment 2434 [details]
patch

I've tried to set set hostname on my linux box to 64 characters which is the maximum supported by Linux. This works fine but breaks ssh-keygen (and possibly other openssh tools) because Linux sets MAXHOSTNAMELEN to 64 which does not account for trailing zero.

I've tested this on 
OEL 6.5 (2.6.32-431.3.1.el6 kernel) and openssh-5.3p1-94.el6.x86_64
OEL 6.5 (2.6.32-431.3.1.el6 kernel) and OpenSSH_6.6p1
Fedora 20 (3.15.0-rc2+ kernel) and openssh-6.4p1-3.fc20.x86_64

The above root cause seems like a intentional design decision in Linux kernel. Unlike OpenBSD where MAXHOSTNAMELEN is _POSIX_HOST_NAME_MAX + trailing zero

/usr/include/limits.h:#define _POSIX_HOST_NAME_MAX      255
/usr/include/sys/param.h:#define MAXHOSTNAMELEN 256             /* max hostname size */

in Linux they are same and is up to program to reserve enough space
/usr/include/bits/local_lim.h:#define HOST_NAME_MAX             64
/usr/include/asm-generic/param.h:#define MAXHOSTNAMELEN 64      /* max length of hostname */

Here's reproduction

$ hostname
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
$ hostname | wc -c
65

OEL 6.5
$ rpm -qf $(which ssh-keygen)
openssh-5.3p1-94.el6.x86_64
$ ssh-keygen -t rsa
gethostname: File name too long
$

Fedora 20
$ rpm -qf $(which ssh-keygen)
openssh-6.4p1-3.fc20.x86_64
$ ssh-keygen -t rsa
gethostname: File name too long
$

OEL 6.5 + attached patch
$ ./ssh -V
OpenSSH_6.6p1, OpenSSL 1.0.1e-fips 11 Feb 2013
$ ./ssh-keygen -t ecdsa
Generating public/private ecdsa key pair.
Enter file in which to save the key (/PATH/.ssh/id_ecdsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /PATH/.ssh/id_ecdsa.
Your public key has been saved in /PATH/.ssh/id_ecdsa.pub.
The key fingerprint is:
92:d7:3d:a3:7d:76:1e:c6:39:be:8c:91:d8:32:36:f9 mv@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
The key's randomart image is:
+--[ECDSA  256]---+
|                 |
|                 |
|                 |
|       . . .     |
|      o S . +    |
|       o   o+oo .|
|          .B.+o*.|
|          . =o*oo|
|             E +o|
+-----------------+

If you need any additional info please let me know. Attached is a proposed patch that would redefine MAXHOSTNAMELEN on Linux to 65.
Comment 1 Damien Miller 2014-07-03 13:03:02 AEST 
Created attachment 2448 [details]
use NI_MAXHOST instead of HOSTNAMELEN

I think we should just standardise on using strings of length NI_MAXHOST for hostnames. We do in about 1/2 the cases already.
Comment 2 Damien Miller 2014-07-03 13:34:38 AEST 
patch applied, will be in openssh-6.7. Thanks!
Comment 3 Damien Miller 2014-10-08 08:00:41 AEDT 
Close all bugs left open from 6.6 and 6.7 releases.