[Bug 1966591] Re: ssh-keygen -R changes known_hosts file permissions (mode)

Brian Murray 1966591 at bugs.launchpad.net
Wed May 11 20:57:58 UTC 2022 

Please investigate the gvfs autopkgtests failures for impish and focal
as these are blocking the release of openssh for those releases and
subsequently the release for bionic too.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1966591

Title:
  ssh-keygen -R changes known_hosts file permissions (mode)

Status in portable OpenSSH:
  Unknown
Status in openssh package in Ubuntu:
  Fix Released
Status in openssh source package in Bionic:
  Fix Committed
Status in openssh source package in Focal:
  Fix Committed
Status in openssh source package in Impish:
  Fix Released
Status in openssh source package in Jammy:
  Fix Released

Bug description:
  [Impact]

  When using "ssh-keygen -R" to remove a host from "known_hosts" the
  command changes permissions on the file.  This can cause problems
  particularly when used on the global "known_hosts" file
  (/etc/ssh/ssh_known_hosts), because then only root can read it.
  Programs running non-interactively as non-root users suddenly fail to
  SSH and it's not immediately obvious why.

  [Test Plan]

  The problem happens on Bionic and Focal.

  $ lxc launch ubuntu-daily:focal openssh-bug1966591
  $ lxc shell openssh-bug1966591
  # ssh-keyscan github.com > test_known_hosts
  # chmod 644 test_known_hosts
  # ssh-keygen -R github.com -f test_known_hosts
  # stat test_known_hosts
  ...
  Access: (0600/-rw-------) ...
  ...

  [Where problems could occur]

  The upstream patch is very simple and it is unlikely that it will
  cause any regressions.  An indirect problem that could occur is that
  users might expect to see a more strict set of permissions on a
  "known_hosts" file after using "ssh-keygen -R", but arguably this is
  not defined behaviour and should not be relied upon.  Of course, there
  is always a (very) small risk of introducing problems when rebuilding
  packages using newer versions of its dependencies (especially on
  Bionic, because it's older).

  [Original Description]

  When I use ssh-keygen -R to remove a host from known_hosts it changes
  permissions on the file. This causes problems particularly when used
  on the global known hosts file (/etc/ssh/ssh_known_hosts), because
  then only root can read it. Programs running non-interactively as non-
  root users suddenly fail to SSH and it's not immediately obvious why.

  To reproduce:

  $ ssh-keyscan github.com >test_known_hosts
  $ chmod 741 test_known_hosts
  $ ssh-keygen -R github.com -f test_known_hosts
  $ stat test_known_hosts
  ...
  Access: (0600/-rw-------) ...

  Expected behavior: file permissions remain unchanged (mode 0741 in
  this example).

  $ lsb_release -rd
  Description:	Ubuntu 18.04.6 LTS
  Release:	18.04

  $ apt-cache policy openssh-client
  openssh-client:
    Installed: 1:7.6p1-4ubuntu0.6

To manage notifications about this bug go to:
https://bugs.launchpad.net/openssh/+bug/1966591/+subscriptions

More information about the foundations-bugs mailing list