openssh unix dev - Mar 2021 - "ssh-keygen -R hostname" errors out with non-existent known_hosts

I've just run into what I consider a bug: If ~/.ssh/known_hosts does
not exist, and the account owner runs the command or their script
includes the command "ssh-keygen -R {hostname}", it reports an error
rather than reporting "oh, yes, the file was empty and therefore your
attempt to delete the hostname was unnecessary".

If I want to delete a hostkey entry, and there is none to be found,
shouldn't that be considered a successful operation?

On Tue, 23 Mar 2021, Nico Kadel-Garcia wrote:
> I've just run into what I consider a bug: If ~/.ssh/known_hosts does
> not exist, and the account owner runs the command or their script
> includes the command "ssh-keygen -R {hostname}", it reports an
error
> rather than reporting "oh, yes, the file was empty and therefore your
> attempt to delete the hostname was unnecessary".
> 
> If I want to delete a hostkey entry, and there is none to be found,
> shouldn't that be considered a successful operation?
I think the condition of known_hosts being absent is worth communicating.
Maybe a different exit value for that case?


diff --git a/ssh-keygen.c b/ssh-keygen.c
index a442dc8e..3f603163 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1305,8 +1305,14 @@ do_known_hosts(struct passwd *pw, const char *name, int
find_host,
 		free(cp);
 		have_identity = 1;
 	}
-	if (stat(identity_file, &sb) != 0)
-		fatal("Cannot stat %s: %s", identity_file, strerror(errno));
+	if (stat(identity_file, &sb) != 0) {
+		if (errno != ENOENT) {
+			fatal("Cannot stat %s: %s", identity_file,
+			    strerror(errno));
+		}
+		logit("Hosts file %s does not exist", identity_file);
+		cleanup_exit(1);
+	}
 
 	memset(&ctx, 0, sizeof(ctx));
 	ctx.out = stdout;

On 23.03.21 06:42, Nico Kadel-Garcia wrote:
> If I want to delete a hostkey entry, and there is none to be found,
> shouldn't that be considered a successful operation?
I can think of (easily more than) two scenarios where someone would want
to run such a command in the first place:

-- An admin performing cleanups on users' known_hosts file after a
server changed keypairs or got decommissioned, where not finding the old
pubkeys in some of the user configs would be expected and ignored

-- A user who has had strict hostkey checking block his login and tries
to fix the problem, where the command *failing* to (semi-)fix the
problem is something he definitely wants to know about

You can't have one and the same command do *both*.

If anything, the reaction of "ssh-keygen -R ..." to a missing
known_hosts file should be consistent with the outcome of it not finding
a matching key therein to delete (which is to output an error message
but still do an exit(0), apparently).

Regards,
-- 
Jochen Bern
Systemingenieur

Binect GmbH

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3449 bytes
Desc: S/MIME Cryptographic Signature
URL:
<http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20210324/aa42d51a/attachment-0001.p7s>