bugzilla-daemon at mindrot.org
2023-Mar-25 13:41 UTC
[Bug 3552] New: ssh_config option RevokedHostKeys doesn't do tilde expansion on the filename
https://bugzilla.mindrot.org/show_bug.cgi?id=3552
Bug ID: 3552
Summary: ssh_config option RevokedHostKeys doesn't do tilde
expansion on the filename
Product: Portable OpenSSH
Version: 9.0p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: daniel at spatof.org
Thanks to GitHub's private key leak I got to use the RevokedHostKeys
setting in ssh_config, and I realized it doesn't do tilde expansion on
the filename.
Specifically, this doesn't work and gives a "No such file or
directory"
error:
RevokedHostKeys ~/.ssh/revoked_host_keys
but this does work:
RevokedHostKeys /Users/my_user/.ssh/revoked_host_keys
This was tested on OpenSSH 9.0p1 on macOS 13.2.1; I can't test on the
latest OpenSSH, but I did a quick search on the OpenSSH code on GitHub
and I think this bug is still present.
The IdentityFile option do tilde expansion:
https://github.com/openbsd/src/blob/fba4865f1dbe0cc6c4725437366d812456e9331d/usr.bin/ssh/ssh.c#L2265
The RevokedHostKeys option does not:
https://github.com/openbsd/src/blob/fba4865f1dbe0cc6c4725437366d812456e9331d/usr.bin/ssh/authfile.c#L385
Slightly related, the ssh_config man page doesn't specify that the
plain text version of the RevokedHostKeys file can contain comments.
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2023-Mar-25 19:03 UTC
[Bug 3552] ssh_config option RevokedHostKeys doesn't do tilde expansion on the filename
https://bugzilla.mindrot.org/show_bug.cgi?id=3552
Darren Tucker <dtucker at dtucker.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org,
| |dtucker at dtucker.net
Attachment #3686| |ok?(djm at mindrot.org)
Flags| |
--- Comment #1 from Darren Tucker <dtucker at dtucker.net> ---
Created attachment 3686
--> https://bugzilla.mindrot.org/attachment.cgi?id=3686&action=edit
Add tilde and environment variable support to RevokedHostKeys
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2023-Mar-25 19:04 UTC
[Bug 3552] ssh_config option RevokedHostKeys doesn't do tilde expansion on the filename
https://bugzilla.mindrot.org/show_bug.cgi?id=3552
Darren Tucker <dtucker at dtucker.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |3549
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=3549
[Bug 3549] Tracking bug for OpenSSH 9.4
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2023-Mar-26 11:11 UTC
[Bug 3552] ssh_config option RevokedHostKeys doesn't do tilde expansion on the filename
https://bugzilla.mindrot.org/show_bug.cgi?id=3552
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #3686|ok?(djm at mindrot.org) |ok+
Flags| |
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2023-Mar-27 04:05 UTC
[Bug 3552] ssh_config option RevokedHostKeys doesn't do tilde expansion on the filename
https://bugzilla.mindrot.org/show_bug.cgi?id=3552
Darren Tucker <dtucker at dtucker.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|NEW |RESOLVED
--- Comment #2 from Darren Tucker <dtucker at dtucker.net> ---
Applied and will be in the next major release. Thanks for the report.
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.