bugzilla-daemon at mindrot.org
2023-Mar-25 13:41 UTC
[Bug 3552] New: ssh_config option RevokedHostKeys doesn't do tilde expansion on the filename
https://bugzilla.mindrot.org/show_bug.cgi?id=3552 Bug ID: 3552 Summary: ssh_config option RevokedHostKeys doesn't do tilde expansion on the filename Product: Portable OpenSSH Version: 9.0p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter: daniel at spatof.org Thanks to GitHub's private key leak I got to use the RevokedHostKeys setting in ssh_config, and I realized it doesn't do tilde expansion on the filename. Specifically, this doesn't work and gives a "No such file or directory" error: RevokedHostKeys ~/.ssh/revoked_host_keys but this does work: RevokedHostKeys /Users/my_user/.ssh/revoked_host_keys This was tested on OpenSSH 9.0p1 on macOS 13.2.1; I can't test on the latest OpenSSH, but I did a quick search on the OpenSSH code on GitHub and I think this bug is still present. The IdentityFile option do tilde expansion: https://github.com/openbsd/src/blob/fba4865f1dbe0cc6c4725437366d812456e9331d/usr.bin/ssh/ssh.c#L2265 The RevokedHostKeys option does not: https://github.com/openbsd/src/blob/fba4865f1dbe0cc6c4725437366d812456e9331d/usr.bin/ssh/authfile.c#L385 Slightly related, the ssh_config man page doesn't specify that the plain text version of the RevokedHostKeys file can contain comments. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2023-Mar-25 19:03 UTC
[Bug 3552] ssh_config option RevokedHostKeys doesn't do tilde expansion on the filename
https://bugzilla.mindrot.org/show_bug.cgi?id=3552 Darren Tucker <dtucker at dtucker.net> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org, | |dtucker at dtucker.net Attachment #3686| |ok?(djm at mindrot.org) Flags| | --- Comment #1 from Darren Tucker <dtucker at dtucker.net> --- Created attachment 3686 --> https://bugzilla.mindrot.org/attachment.cgi?id=3686&action=edit Add tilde and environment variable support to RevokedHostKeys -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2023-Mar-25 19:04 UTC
[Bug 3552] ssh_config option RevokedHostKeys doesn't do tilde expansion on the filename
https://bugzilla.mindrot.org/show_bug.cgi?id=3552 Darren Tucker <dtucker at dtucker.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |3549 Referenced Bugs: https://bugzilla.mindrot.org/show_bug.cgi?id=3549 [Bug 3549] Tracking bug for OpenSSH 9.4 -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2023-Mar-26 11:11 UTC
[Bug 3552] ssh_config option RevokedHostKeys doesn't do tilde expansion on the filename
https://bugzilla.mindrot.org/show_bug.cgi?id=3552 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #3686|ok?(djm at mindrot.org) |ok+ Flags| | -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2023-Mar-27 04:05 UTC
[Bug 3552] ssh_config option RevokedHostKeys doesn't do tilde expansion on the filename
https://bugzilla.mindrot.org/show_bug.cgi?id=3552 Darren Tucker <dtucker at dtucker.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|NEW |RESOLVED --- Comment #2 from Darren Tucker <dtucker at dtucker.net> --- Applied and will be in the next major release. Thanks for the report. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
Possibly Parallel Threads
- [Bug 3549] New: Tracking bug for OpenSSH 9.4
- Announce: OpenSSH 6.8 released
- [Bug 3720] New: ssh-keygen -R fails and/or leaves temp files when run concurrently
- [PATCH] Expand tilde for UNIX domain socket forwards.
- [klibc:update-dash] dash: expand: Use HOME in tilde expansion when it is empty