openssh bugs - Oct 2019 - [Bug 3083] New: Passing tilde (HOME) in file option results in cryptic error

https://bugzilla.mindrot.org/show_bug.cgi?id=3083

            Bug ID: 3083
           Summary: Passing tilde (HOME) in file option results in cryptic
                    error
           Product: Portable OpenSSH
           Version: 8.1p1
          Hardware: ix86
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh-keygen
          Assignee: unassigned-bugs at mindrot.org
          Reporter: s.egbert at sbcglobal.net

The command in question discovered in earlier 7.9p1 and also in latest
8.1p1:

    ssh-keygen -f "~/.ssh/known_hosts" -R "johndoe"

Expected output:

    known_hosts: No such file or directory

The actual result output is:

    mkstemp: No such file or directory

`strace -f` shows:

    openat(AT_FDCWD, "~/.ssh/known_hosts.TgA5TDcI46",
O_RDWR|O_CREAT|O_EXCL, 0600) = -1 ENOENT (No such file or directory)
    write(2, "mkstemp: No such file or directo"..., 36mkstemp: No such
file or directory

Please notice the temporary file being created at
"~/.ssh/known_hosts.TgA5TDcI46"?

Looks like a tilde expansion failure (or lack thereof).

ssh-keygen(8) has this to say about the specification of
`known_hosts_file`:  (*nothing*)

I've searched the unix-dev mailing list, patch history, bugzilla
(keywords: mktemp, tilde)

Introduction of breakage appears to be here:

commit 3e088aaf236ef35beeef3c9be93fd53700df5861
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Fri Jun 1 03:51:34 2018 +0000

    upstream: return correct exit code when searching for and hashing

    known_hosts entries in a single operation (ssh-keygen -HF
hostname); bz2772
    Report and fix from Anton Kremenetsky

    OpenBSD-Commit-ID: ac10ca13eb9bb0bc50fcd42ad11c56c317437b58

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3083

--- Comment #1 from Egbert S. <s.egbert at sbcglobal.net> ---
Actually, I expected this tilde expansion command to work on
`known_hosts` file.

Expected output:

    # Host johndoe found: line 1
    /home/jilldoe/.ssh/known_hosts updated.
    Original contents retained as /home/jilldoe/.ssh/known_hosts.old

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3083

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at dtucker.net

--- Comment #2 from Darren Tucker <dtucker at dtucker.net> ---
Tilde expansion is a function of the shell, and you told your shell not
to do it by quoting your argument.  Compare (this is bash):

$ echo ~/.ssh/known_hosts
/home/dtucker/.ssh/known_hosts

$ echo "~/.ssh/known_hosts"
~/.ssh/known_hosts

"~" is a valid path component on most if not all Unix filesystems.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3083

--- Comment #3 from Egbert S. <s.egbert at sbcglobal.net> ---
Agreed.  It would have worked if the quoted is narrowed down to like
any of the following:

    ssh-keygen -f ~/../../"My Users"/johndoe/.ssh/known_hosts
    ssh-keygen -f ~/../johndoe/.ssh/"known hosts"
    ssh-keygen -f ~/../"Johnny Be Right"/.ssh/known_hosts

And certainly not the following:

    ssh-keygen -f "~"/.ssh/known_hosts


Got it.  I think I'd be asking for an enhancement to the error message,
something like including the filename in question that mktemp failed
at.

If this is not a worthy goal, then let's close this bug.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3083

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |WORKSFORME
             Status|NEW                         |RESOLVED

--- Comment #4 from Darren Tucker <dtucker at dtucker.net> ---
The error message from the current version seems reasonably descriptive
although I'm not sure when it changed:

$ ./ssh-keygen -f "~/.ssh/known_hosts" -R foo
Cannot stat ~/.ssh/known_hosts: No such file or directory

I don't think there's anything else to be done here.  Thanks for the
report.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3083

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #5 from Damien Miller <djm at mindrot.org> ---
closing resolved bugs as of 8.6p1 release

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.