bugzilla-daemon at mindrot.org
2014-Apr-19 04:50 UTC
[Bug 2234] New: ssh-add -l output aborts on unrecognized key, skips flush when stdout not tty
https://bugzilla.mindrot.org/show_bug.cgi?id=2234
Bug ID: 2234
Summary: ssh-add -l output aborts on unrecognized key, skips
flush when stdout not tty
Product: Portable OpenSSH
Version: 6.6p1
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: ssh-add
Assignee: unassigned-bugs at mindrot.org
Reporter: phil.pennock at globnix.org
Under SSH Agent Forwarding, when using an ssh-agent with keys loaded
for key-types not recognized by the remote host, running "ssh-add -l"
on the remote host will abort with fatal() when it sees the
unrecognized key-type.
If stdout is a tty, then stdio is line-buffered and the first seen SSH
keys will have their fingerprints emitted. If stdout is not a tty,
then the stdio is never flushed and only the stderr output will be
emitted. The fingerprints are lost.
"ssh-add -L" emits a line for every key loaded, without aborting, and
unhandled key-types can be detected by checking if the line begins with
whitespace.
The current behaviour working as well as it does is based on only one
set of keys being loaded and the most portable keys being loaded first.
The current behaviour can be made agnostic of tty/non-tty by inserting
a `setlinebuf(stdout);` call into `list_identities()`.
A more reliable approach might be to give `key_fingerprint()` a flag to
avoid calling fatal and to return an error some other way?
--
You are receiving this mail because:
You are watching the assignee of the bug.
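The buffering behaviour described in the report above, as an added example that is not part of the original bug report and is not OpenSSH code. It assumes `fatal()` ends in `_exit()` without flushing stdio, as the report's symptoms imply; `list_then_abort`, `lines_received` and the key list are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed sample: key types as the remote host sees them in the agent. */
static const char *agent_keys[] = { "ssh-rsa", "ssh-dss", "unknown-type", "ssh-rsa" };

/* Hypothetical stand-in for list_identities(); _exit() models fatal() (assumption). */
static void list_then_abort(int line_buffered)
{
    /* _IOFBF: stdio's own choice for a non-tty stdout; _IOLBF: the proposed setlinebuf(). */
    setvbuf(stdout, NULL, line_buffered ? _IOLBF : _IOFBF, 0);
    for (size_t i = 0; i < sizeof(agent_keys) / sizeof(agent_keys[0]); i++) {
        if (strcmp(agent_keys[i], "unknown-type") == 0) {
            fprintf(stderr, "fatal: unrecognized key type\n");
            _exit(255);             /* buffered stdout data is discarded */
        }
        printf("fingerprint-of %s\n", agent_keys[i]);
    }
    exit(0);
}

/* Run the listing with stdout on a pipe; return the lines the reader got. */
int lines_received(int line_buffered)
{
    int fds[2], lines = 0;
    char c;
    if (pipe(fds) != 0) return -1;
    fflush(NULL);                   /* keep parent buffers out of the child */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        close(fds[0]);
        dup2(fds[1], STDOUT_FILENO);
        close(fds[1]);
        list_then_abort(line_buffered);
    }
    close(fds[1]);
    while (read(fds[0], &c, 1) == 1) lines += (c == '\n');
    close(fds[0]);
    waitpid(pid, NULL, 0);
    return lines;
}

int main(void)
{
    printf("fully buffered: %d, line-buffered: %d\n", lines_received(0), lines_received(1));
}
```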
bugzilla-daemon at mindrot.org
2014-Jul-03 03:15 UTC
[Bug 2234] ssh-add -l output aborts on unrecognized key, skips flush when stdout not tty
https://bugzilla.mindrot.org/show_bug.cgi?id=2234
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
Status|NEW |RESOLVED
Blocks| |2226
Resolution|--- |FIXED
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
I just committed a change to make ssh-add's output line-buffered. This
will be in OpenSSH-6.7 -- thanks!
bugzilla-daemon at mindrot.org
2014-Oct-07 21:00 UTC
[Bug 2234] ssh-add -l output aborts on unrecognized key, skips flush when stdout not tty
https://bugzilla.mindrot.org/show_bug.cgi?id=2234
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Close all bugs left open from 6.6 and 6.7 releases.
bugzilla-daemon at mindrot.org
2014-Oct-07 22:01 UTC
[Bug 2234] ssh-add -l output aborts on unrecognized key, skips flush when stdout not tty
https://bugzilla.mindrot.org/show_bug.cgi?id=2234
--- Comment #3 from Phil Pennock <phil.pennock at globnix.org> ---
Just to re-emphasize: the current fix only makes sure that the behaviour is
independent of whether or not stdout is a tty. The `ssh-add -L` aborting on
the first unhandled key type remains; if two sets of keys are loaded, but a
key in the first set is unhandled by the remote agent, then the handled keys
from the second set will never be listed. So this bug still remains.