[Bug 1668093] Re: ssh-keygen -H corrupts already hashed entries

Tue Feb 28 07:23:31 UTC 2017

Thank you for taking the time to report this bug and helping to make
Ubuntu better. I appreciate the quality of this bug report and I'm sure
it'll be helpful to others experiencing the same issue.

As I proved in my checks this is an upstream bug. OTOH while annoying it
is not "very" fatal other than for convenience or certain automation
(which could code workarounds I think).

That said the best route to getting it fixed in Ubuntu in this case
would be to file an upstream bug. It would be great if you're able to do
that.

Otherwise, I'm not sure what we can do directly in Ubuntu to fix the
problem.

If you do end up filing an upstream bug, please link to it from here so we get auto-notified once there is something we can merge or even backport depending on the complexity.
Thanks!

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1668093

Title:
  ssh-keygen -H corrupts already hashed entries

Status in openssh package in Ubuntu:
  Confirmed

Bug description:
  xenial @ 1:7.2p2-4ubuntu2.1 on amd64 has this bug. trusty @
  1:6.6p1-2ubuntu2.8 on amd64 does not have this bug. I have not tested
  any other ssh versions.

  The following should reproduce the issue:

  #ssh-keyscan XXXX > ~/.ssh/known_hosts
  # ssh root at XXXXX
  Permission denied (publickey).
  # ssh-keygen -H
  /root/.ssh/known_hosts updated.
  Original contents retained as /root/.ssh/known_hosts.old
  WARNING: /root/.ssh/known_hosts.old contains unhashed entries
  Delete this file to ensure privacy of hostnames
  # ssh root at XXXXXX
  Permission denied (publickey).
  # ssh-keygen -H
  /root/.ssh/known_hosts updated.
  Original contents retained as /root/.ssh/known_hosts.old
  WARNING: /root/.ssh/known_hosts.old contains unhashed entries
  Delete this file to ensure privacy of hostnames
  # ssh root at XXXXX
  The authenticity of host 'XXXXXX' can't be established.
  RSA key fingerprint is XXXXXX.
  Are you sure you want to continue connecting (yes/no)?

  # diff known_hosts.old known_hosts
  1c1
  < |1|BoAbRpUE3F5AzyprJcbjdepeDh8=|x/1AcaLxh45FlShmVQnlgx2qjxY= XXXXX
  ---
  > |1|nTPsoLxCugQyZi3pqOa2pc/cX64=|bUH5qwZlZPp8msMGHdLtslf3Huk= XXXXX

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1668093/+subscriptions