bugzilla-daemon at bugzilla.mindrot.org
2015-Oct-12 21:16 UTC
[Bug 2479] New: ssh-keyscan non-standard port broken
https://bugzilla.mindrot.org/show_bug.cgi?id=2479
Bug ID: 2479
Summary: ssh-keyscan non-standard port broken
Product: Portable OpenSSH
Version: 6.9p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: ssh-keyscan
Assignee: unassigned-bugs at mindrot.org
Reporter: micah at riseup.net
If one passes the -p option for a non-standard port to ssh-keyscan when
using the -f option to pull hosts from a file, it results in a
known_hosts entry that is incorrect:
micah@muck$ cat /tmp/try
199.254.238.47 micah.riseup.net,199.254.238.47
micah@muck$ ssh-keyscan -t rsa -p 4422 -f /tmp/try > /tmp/known
micah@muck$ cat /tmp/known
[micah.riseup.net,199.254.238.47]:4422 ssh-rsa DATA
It seems like putting a list of hostnames,ips inside of the [] doesn't
work:
micah@muck:dotfiles$ ssh -oUserKnownHostsFile=/tmp/known micah@micah.riseup.net -p 4422
The authenticity of host '[micah.riseup.net]:4422 ([199.254.238.47]:4422)' can't be established.
RSA key fingerprint is SHA256:CbHIxWJjFKJk5V+G09XeiABqIRTooC646ZfSl7FRp2w.
Are you sure you want to continue connecting (yes/no)?
It should be constructed like this:
[micah.riseup.net]:4422,[199.254.238.47]:4422 ssh-rsa DATA
--
You are receiving this mail because:
You are watching the assignee of the bug.
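The rewrite the report asks for, as an added example (not part of the original report and not OpenSSH code): a Python filter that finds host fields of the form [a,b]:port in known_hosts lines and expands them to one bracketed entry per name. The names repair_line and repair_known_hosts and the sample lines are constructed for this illustration.

```python
import re

DEFAULT_PORT = 22
# Malformed host field from the report: several names inside one bracket pair.
GROUPED = re.compile(r"^\[([^\[\]]+,[^\[\]]+)\]:(\d+)$")

def format_host(name, port):
    """One name as known_hosts stores it: bare on port 22, else [name]:port."""
    return name if port == DEFAULT_PORT else f"[{name}]:{port}"

def repair_line(line):
    """Return (line, changed); only a grouped "[a,b]:port" field is rewritten."""
    text = line.rstrip("\n")
    if not text.strip() or text.lstrip().startswith("#"):
        return text, False
    fields = text.split(None, 2)
    # An optional marker (@cert-authority, @revoked) precedes the host field.
    idx = 1 if fields[0].startswith("@") else 0
    if idx >= len(fields):
        return text, False
    match = GROUPED.match(fields[idx])
    if match is None:
        return text, False  # well-formed, hashed or single-host entry
    names = [n for n in match.group(1).split(",") if n]
    port = int(match.group(2))
    fields[idx] = ",".join(format_host(n, port) for n in names)
    return " ".join(fields), True

def repair_known_hosts(lines):
    """Repair every line; return (new_lines, numbers of the changed lines)."""
    out, changed = [], []
    for number, line in enumerate(lines, 1):
        fixed, was_changed = repair_line(line)
        out.append(fixed)
        if was_changed:
            changed.append(number)
    return out, changed

# Constructed sample; the first line is the malformed entry from the report.
SAMPLE = [
    "[micah.riseup.net,199.254.238.47]:4422 ssh-rsa DATA",
    "[micah.riseup.net]:4422,[199.254.238.47]:4422 ssh-rsa DATA",
    "fuyu.mindrot.org,203.217.30.81 ssh-rsa DATA",
]

if __name__ == "__main__":
    fixed, changed = repair_known_hosts(SAMPLE)
    print("\n".join(fixed), "\nrepaired lines:", changed)
```

Hashed entries (those starting with |1|) never match the grouped pattern and pass through unchanged.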
bugzilla-daemon at bugzilla.mindrot.org
2015-Oct-23 02:36 UTC
[Bug 2479] ssh-keyscan non-standard port broken
https://bugzilla.mindrot.org/show_bug.cgi?id=2479
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
CC| |djm at mindrot.org,
| |dtucker at zip.com.au
Assignee|unassigned-bugs at mindrot.org |djm at mindrot.org
Attachment #2735 Flags| |ok?(dtucker at zip.com.au)
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Created attachment 2735
--> https://bugzilla.mindrot.org/attachment.cgi?id=2735&action=edit
expand each host name/address individually
I think ssh-keyscan should expand the host list when the port number is
non-default or host hashing is in use.
The attached diff tries to do this:
# 203.217.30.81:22 SSH-2.0-OpenSSH_7.1
fuyu.mindrot.org,203.217.30.81 ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAtNSRpUm2RRL2A1XPw2zFXg+t6zfAtuuDcC/M0mbwBgbwKkMAhv5diC22U5VOsmeSs8ufbuDVIZ5PL1jllbuvT5XSVwxTPiLaOHKnMLKtn97dlqWwW2SnC6Yn4zejJpIFw0+KcX+euJZhU7bqj7ocQ4To+igThYl2U1vTrpTImsz8I2OYzcA2523EbEsLlnxTEL813norSYj3jwUaUQN9iz3ybcuLk9XbwIazN2iXFU1mQP6tzJlUHjhVBXeM7gSsir4mJC72tYHoL+v9fUakFUEowXkJnmj+o8uNiNKFjQt66s23/HjQvujMzfYG0uV2yHwjsvWeo3h138HnHeo+5Q=
[djm@demiurge openssh]$ ./ssh-keyscan -t rsa -p 2222 -f /tmp/x1
# 203.217.30.81:2222 SSH-2.0-OpenSSH_7.1
[fuyu.mindrot.org]:2222 ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAtNSRpUm2RRL2A1XPw2zFXg+t6zfAtuuDcC/M0mbwBgbwKkMAhv5diC22U5VOsmeSs8ufbuDVIZ5PL1jllbuvT5XSVwxTPiLaOHKnMLKtn97dlqWwW2SnC6Yn4zejJpIFw0+KcX+euJZhU7bqj7ocQ4To+igThYl2U1vTrpTImsz8I2OYzcA2523EbEsLlnxTEL813norSYj3jwUaUQN9iz3ybcuLk9XbwIazN2iXFU1mQP6tzJlUHjhVBXeM7gSsir4mJC72tYHoL+v9fUakFUEowXkJnmj+o8uNiNKFjQt66s23/HjQvujMzfYG0uV2yHwjsvWeo3h138HnHeo+5Q=[203.217.30.81]:2222
ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAtNSRpUm2RRL2A1XPw2zFXg+t6zfAtuuDcC/M0mbwBgbwKkMAhv5diC22U5VOsmeSs8ufbuDVIZ5PL1jllbuvT5XSVwxTPiLaOHKnMLKtn97dlqWwW2SnC6Yn4zejJpIFw0+KcX+euJZhU7bqj7ocQ4To+igThYl2U1vTrpTImsz8I2OYzcA2523EbEsLlnxTEL813norSYj3jwUaUQN9iz3ybcuLk9XbwIazN2iXFU1mQP6tzJlUHjhVBXeM7gSsir4mJC72tYHoL+v9fUakFUEowXkJnmj+o8uNiNKFjQt66s23/HjQvujMzfYG0uV2yHwjsvWeo3h138HnHeo+5Q=
[djm@demiurge openssh]$ ./ssh-keyscan -t rsa -H -f /tmp/x1
# 203.217.30.81:22 SSH-2.0-OpenSSH_7.1
|1|ym8qXXurgjs0t6rZpJ9SkFLjnJU=|cIa7BLNfWuInKIvRxiHQtIkl6wA= ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAtNSRpUm2RRL2A1XPw2zFXg+t6zfAtuuDcC/M0mbwBgbwKkMAhv5diC22U5VOsmeSs8ufbuDVIZ5PL1jllbuvT5XSVwxTPiLaOHKnMLKtn97dlqWwW2SnC6Yn4zejJpIFw0+KcX+euJZhU7bqj7ocQ4To+igThYl2U1vTrpTImsz8I2OYzcA2523EbEsLlnxTEL813norSYj3jwUaUQN9iz3ybcuLk9XbwIazN2iXFU1mQP6tzJlUHjhVBXeM7gSsir4mJC72tYHoL+v9fUakFUEowXkJnmj+o8uNiNKFjQt66s23/HjQvujMzfYG0uV2yHwjsvWeo3h138HnHeo+5Q=|1|lxsMXgGpGeMPNR+9jLVBz9c26es=|LaJR3u29ThoOaekgMCVPTrQhVhU=
ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAtNSRpUm2RRL2A1XPw2zFXg+t6zfAtuuDcC/M0mbwBgbwKkMAhv5diC22U5VOsmeSs8ufbuDVIZ5PL1jllbuvT5XSVwxTPiLaOHKnMLKtn97dlqWwW2SnC6Yn4zejJpIFw0+KcX+euJZhU7bqj7ocQ4To+igThYl2U1vTrpTImsz8I2OYzcA2523EbEsLlnxTEL813norSYj3jwUaUQN9iz3ybcuLk9XbwIazN2iXFU1mQP6tzJlUHjhVBXeM7gSsir4mJC72tYHoL+v9fUakFUEowXkJnmj+o8uNiNKFjQt66s23/HjQvujMzfYG0uV2yHwjsvWeo3h138HnHeo+5Q=
# 203.217.30.81:2222 SSH-2.0-OpenSSH_7.1
[|1|SOCfZlLsozka+6Ib4TiIFPlBSVs=|xie/tboEBMz8az3tkmZ5Zmd0LdY=]:2222
ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAtNSRpUm2RRL2A1XPw2zFXg+t6zfAtuuDcC/M0mbwBgbwKkMAhv5diC22U5VOsmeSs8ufbuDVIZ5PL1jllbuvT5XSVwxTPiLaOHKnMLKtn97dlqWwW2SnC6Yn4zejJpIFw0+KcX+euJZhU7bqj7ocQ4To+igThYl2U1vTrpTImsz8I2OYzcA2523EbEsLlnxTEL813norSYj3jwUaUQN9iz3ybcuLk9XbwIazN2iXFU1mQP6tzJlUHjhVBXeM7gSsir4mJC72tYHoL+v9fUakFUEowXkJnmj+o8uNiNKFjQt66s23/HjQvujMzfYG0uV2yHwjsvWeo3h138HnHeo+5Q=[|1|WQ2HkjmJ9aS4cAswWlMu0b3Grrk=|TeVMzH5/XW1sVttL0652gM5rr2c=]:2222
ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAtNSRpUm2RRL2A1XPw2zFXg+t6zfAtuuDcC/M0mbwBgbwKkMAhv5diC22U5VOsmeSs8ufbuDVIZ5PL1jllbuvT5XSVwxTPiLaOHKnMLKtn97dlqWwW2SnC6Yn4zejJpIFw0+KcX+euJZhU7bqj7ocQ4To+igThYl2U1vTrpTImsz8I2OYzcA2523EbEsLlnxTEL813norSYj3jwUaUQN9iz3ybcuLk9XbwIazN2iXFU1mQP6tzJlUHjhVBXeM7gSsir4mJC72tYHoL+v9fUakFUEowXkJnmj+o8uNiNKFjQt66s23/HjQvujMzfYG0uV2yHwjsvWeo3h138HnHeo+5Q=
bugzilla-daemon at bugzilla.mindrot.org
2015-Oct-23 03:03 UTC
[Bug 2479] ssh-keyscan non-standard port broken
https://bugzilla.mindrot.org/show_bug.cgi?id=2479
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #2735 Flags|ok?(dtucker at zip.com.au) |ok+
--- Comment #2 from Darren Tucker <dtucker at zip.com.au> ---
Comment on attachment 2735
--> https://bugzilla.mindrot.org/attachment.cgi?id=2735
expand each host name/address individually
>+ if (!key)
style(9) says this should be tested against NULL since it's not a
boolean.
>+ return;
>+ if (!hash_hosts
Ditto.
otherwise ok.
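Review bot: the quoted "if (!key)" / "return;" pair leaves the function without emitting anything, so a host that reaches this point with no key produces no output line and no diagnostic. A debug message before the "return" would make a missing known_hosts entry easier to trace.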
bugzilla-daemon at bugzilla.mindrot.org
2015-Oct-24 22:56 UTC
[Bug 2479] ssh-keyscan non-standard port broken
https://bugzilla.mindrot.org/show_bug.cgi?id=2479
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|ASSIGNED |RESOLVED
Blocks| |2451
--- Comment #3 from Damien Miller <djm at mindrot.org> ---
Patch applied - this will be in OpenSSH 7.2. Thanks!
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=2451
[Bug 2451] Bugs intended to be fixed in 7.2
bugzilla-daemon at bugzilla.mindrot.org
2016-Aug-02 00:41 UTC
[Bug 2479] ssh-keyscan non-standard port broken
https://bugzilla.mindrot.org/show_bug.cgi?id=2479
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #4 from Damien Miller <djm at mindrot.org> ---
Close all resolved bugs after 7.3p1 release