bugzilla-daemon at bugzilla.mindrot.org
2007-Jun-05 13:36 UTC
[Bug 1319] New: ssh-keygen does not properly handle multiple keys
http://bugzilla.mindrot.org/show_bug.cgi?id=1319

           Summary: ssh-keygen does not properly handle multiple keys
           Product: Portable OpenSSH
           Version: 4.5p1
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ssh-keygen
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: pepper at rockefeller.edu

When pointed at a file containing multiple keys, ssh-keygen only fingerprints the first key, and does not either fingerprint the additional keys or warn in any way that there are (or might be) additional keys in the specified file.

pepper at salt:~/.ssh$ ssh-keygen -l -f authorized_keys
1024 5c:3a:b3:94:5d:ef:28:2c:4d:76:8a:9f:36:81:5c:af authorized_keys
pepper at salt:~/.ssh$ wc -l authorized_keys
3 authorized_keys

--
Configure bugmail: http://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2008-Jun-14 19:19 UTC
[Bug 1319] ssh-keygen does not properly handle multiple keys
https://bugzilla.mindrot.org/show_bug.cgi?id=1319

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> 2008-06-15 05:19:42 ---
The problem here is that in ssh-keygen.c:do_fingerprint() we try key_load_public() first. If this finds a key then we bail, if not then we continue through the file a line at a time assuming authorized_keys format.

The difficulty in fixing this comes from the fact that key_load_public() opens, reads and closes the file in one go. We need a variant that operates on an open file (or just a line), so we can continue.
bugzilla-daemon at bugzilla.mindrot.org
2011-Jun-03 03:40 UTC
[Bug 1319] ssh-keygen does not properly handle multiple keys
https://bugzilla.mindrot.org/show_bug.cgi?id=1319

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |1845

--- Comment #2 from Damien Miller <djm at mindrot.org> 2011-06-03 13:40:19 EST ---
We can do this with the new authfile.c code that supports parsing from memory buffers.
bugzilla-daemon at bugzilla.mindrot.org
2011-Sep-06 00:34 UTC
[Bug 1319] ssh-keygen does not properly handle multiple keys
https://bugzilla.mindrot.org/show_bug.cgi?id=1319

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |1930

--- Comment #3 from Damien Miller <djm at mindrot.org> 2011-09-06 10:34:16 EST ---
Retarget unresolved bugs/features to 6.0 release
bugzilla-daemon at bugzilla.mindrot.org
2011-Sep-06 00:36 UTC
[Bug 1319] ssh-keygen does not properly handle multiple keys
https://bugzilla.mindrot.org/show_bug.cgi?id=1319

--- Comment #4 from Damien Miller <djm at mindrot.org> 2011-09-06 10:36:29 EST ---
Retarget unresolved bugs/features to 6.0 release
bugzilla-daemon at bugzilla.mindrot.org
2011-Sep-06 00:39 UTC
[Bug 1319] ssh-keygen does not properly handle multiple keys
https://bugzilla.mindrot.org/show_bug.cgi?id=1319

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|1845                        |

--- Comment #5 from Damien Miller <djm at mindrot.org> 2011-09-06 10:39:03 EST ---
Retarget unresolved bugs/features to 6.0 release (try again - bugzilla's "change several" isn't)
bugzilla-daemon at bugzilla.mindrot.org
2011-Dec-02 01:19 UTC
[Bug 1319] ssh-keygen does not properly handle multiple keys
https://bugzilla.mindrot.org/show_bug.cgi?id=1319

--- Comment #6 from Damien Miller <djm at mindrot.org> 2011-12-02 12:19:01 EST ---
Fixing this is trickier than I thought. The cases that need to be supported are:

1. SSH1 public key in a private blob
2. SSH1/SSH2 public key in text form
3. known_hosts
4. authorized_keys

We can deal with case #1 by using key_load_public_type() instead of key_load_public. It is a little more tricky to support the other cases together though. For a start, known_hosts always has a hostname before the key string whereas a public key in text format never does. authorized_keys has optional key restrictions that need to be recognised and skipped.

A final (?) complication comes in the printing - when printing fingerprints from known_hosts, one wants to print the hostname obtained from the start of the line, but when printing everything else the key comment (end of the line, or baked into a binary SSH1 private key) is the most important thing.

So, do_fingerprint needs to be rewritten to look something like this:

k = key_load_public_type(KEY_RSA1, identity_file, comment)
if (k != NULL)
        print fingerprint+comment and exit
for line in identity_file {
        split_key_line(line, &preamble, &key, &comment)
        if (auth_parse_options(preamble)) {
                // If it has options then it's definitely authorized keys
                authorized_keys = 1
        } else if (*preamble != '\0') {
                // If the preamble doesn't look like options, then it's probably
                // known_hosts
                known_hosts = 1
        } else {
                // If no preamble at all then it's a plain key or authorized_keys
        }
        print_fingerprint(key)
        print_comment(known_hosts ? preamble : comment)
}
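The per-line classification sketched in comment #6, as an added Python example that is not part of the bug thread and is not OpenSSH code. It fingerprints every key line instead of stopping at the first, printing the MD5 colon-hex form seen in the report. Assumptions: only SSH2 text-form keys are handled (cases 2 to 4, no SSH1), the `OPTION_NAMES` check is a heuristic stand-in for `auth_parse_options()`, and the sample keys are constructed blobs, not real keys.

```python
import base64
import hashlib
import re
import struct

# authorized_keys option names from sshd(8); a heuristic stand-in for auth_parse_options()
OPTION_NAMES = {"command", "environment", "from", "permitopen", "tunnel", "principals",
                "cert-authority", "no-pty", "no-user-rc", "no-agent-forwarding",
                "no-port-forwarding", "no-x11-forwarding"}
TOKEN = re.compile(r'(?:"(?:\\.|[^"\\])*"|\S)+')   # split on whitespace, quoted strings whole
ITEM = re.compile(r'(?:"(?:\\.|[^"\\])*"|[^,])+')  # split on commas, quoted strings whole

def split_key_line(line):
    """Return (preamble, blob, comment), or None when the line holds no SSH2 key."""
    toks = list(TOKEN.finditer(line))
    for t, b in zip(toks, toks[1:]):
        try:
            blob = base64.b64decode(b.group(), validate=True)
        except ValueError:
            continue
        # An SSH2 key blob begins with its own type name: uint32 length, then the string.
        name = t.group().encode()
        if blob[:4] == struct.pack(">I", len(name)) and blob[4:4 + len(name)] == name:
            return line[:t.start()].strip(), blob, line[b.end():].strip()
    return None

def fingerprint_file(text):
    """Fingerprint every key line: list of (kind, md5_fingerprint, label)."""
    out = []
    for line in text.splitlines():
        if line.lstrip().startswith("#") or not (parts := split_key_line(line)):
            continue
        preamble, blob, comment = parts
        names = {i.group().split("=", 1)[0].strip().lower() for i in ITEM.finditer(preamble)}
        if not preamble:
            kind, label = "plain", comment          # plain key or option-less authorized_keys
        elif names <= OPTION_NAMES:
            kind, label = "authorized_keys", comment
        else:
            kind, label = "known_hosts", preamble   # hostname is the useful label here
        digest = hashlib.md5(blob).hexdigest()
        out.append((kind, ":".join(digest[i:i + 2] for i in range(0, 32, 2)), label))
    return out

def _blob(t, body):  # constructed blob with a valid type header, not a real key
    return base64.b64encode(struct.pack(">I", len(t)) + t.encode() + body).decode()

SAMPLE = (f'ssh-rsa {_blob("ssh-rsa", b"A" * 32)} alice@laptop\n'
          f'command="/usr/bin/backup --to ssh-rsa",no-pty ssh-rsa {_blob("ssh-rsa", b"B" * 32)} backup job\n'
          f'host.example.org,192.0.2.10 ssh-dss {_blob("ssh-dss", b"C" * 32)}\n')
```

Calling `fingerprint_file(SAMPLE)` returns one entry per key line, so a three-line file yields three fingerprints, each labelled with the comment or, for known_hosts lines, the hostname.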
bugzilla-daemon at bugzilla.mindrot.org
2011-Dec-02 01:59 UTC
[Bug 1319] ssh-keygen does not properly handle multiple keys
https://bugzilla.mindrot.org/show_bug.cgi?id=1319

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |1544
bugzilla-daemon at bugzilla.mindrot.org
2012-Feb-23 23:34 UTC
[Bug 1319] ssh-keygen does not properly handle multiple keys
https://bugzilla.mindrot.org/show_bug.cgi?id=1319

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |1986

--- Comment #7 from Damien Miller <djm at mindrot.org> 2012-02-24 10:34:25 EST ---
Retarget from 6.0 to 6.1
bugzilla-daemon at bugzilla.mindrot.org
2012-Feb-23 23:38 UTC
[Bug 1319] ssh-keygen does not properly handle multiple keys
https://bugzilla.mindrot.org/show_bug.cgi?id=1319

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|1930                        |

--- Comment #8 from Damien Miller <djm at mindrot.org> 2012-02-24 10:38:04 EST ---
Retarget 6.0 => 6.1