Mikael Nordfeldth
2015-Apr-17 17:58 UTC
Private key (-i key_file) percent_expand problem when path contains percent sign (%)
I have problems ssh:ing with my private key when the user's. I run Debian Jessie, with (other than whatever Debian has done) non-modified OpenSSH: $ aptitude show openssh-client |grep Version: Version: 1:6.7p1-3 The problem is I get this fatal error without a remote connection being made: $ ssh user at example.com percent_expand: unknown key %/ My $HOME is "/srv/www/example.com/%". If I give the full path to the directory with the -i parameter I get the same error. If I provide a relative path, with `pwd` equal to $HOME, it works just fine: $ pwd /srv/www/kulturhusfestivalen.se/% $ ssh -i /srv/www/example.com/%/.ssh/id_rsa user at example.com percent_expand: unknown key %/ $ ssh -i .ssh/id_rsa user at example.com The authenticity of host 'example.com'... So it boils down to the -i parsing with a percent sign (which doesn't expand) it seems. Anyone else experiencing this or can reproduce it? -- Mikael Nordfeldth XMPP/mail: mmn at hethane.se OpenPGP fpr: AE68 9813 0B7C FCE3 B2FA 727B C7CE 635B B52E 9B31 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: OpenPGP digital signature URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20150417/2d8afd46/attachment.bin>
Ángel González
2015-Apr-19 18:56 UTC
Private key (-i key_file) percent_expand problem when path contains percent sign (%)
On 17/04/15 19:58, Mikael Nordfeldth wrote:> So it boils down to the -i parsing with a percent sign (which doesn't > expand) it seems. Anyone else experiencing this or can reproduce it?Yes, openssh doesn't like a % in the -i parameter: - If you provide a %, inside load_public_identity_files it attempts to treat it as an expand sequence, and thus fails. - If you provide a %% (which expands to a single %), then the stat(2) done before add_identity_file() makes it to fail, and such path doesn't even reach load_public_identity_files. As a workaround, you can provide the key file with the -o option: ssh -o IdentityFile=/srv/www/example.com/%%/.ssh/id_rsa user at example.com The following patch makes ssh to ignore the stat failure if the -i argument contains a % character: diff --git a/ssh.c b/ssh.c index 0ad82f0..e0c574f 100644 --- a/ssh.c +++ b/ssh.c @@ -705,7 +705,7 @@ main(int ac, char **av) options.gss_deleg_creds = 1; break; case 'i': - if (stat(optarg, &st) < 0) { + if (stat(optarg, &st) < 0 && strchr(optarg, '%') == NULL) { fprintf(stderr, "Warning: Identity file %s " "not accessible: %s.\n", optarg, strerror(errno));
Damien Miller
2015-Apr-20 00:35 UTC
Private key (-i key_file) percent_expand problem when path contains percent sign (%)
Hi, Could you please file a bug at https://bugzilla.mindrot.org/ ? We should handle this case a bit better... -d On Fri, 17 Apr 2015, Mikael Nordfeldth wrote:> I have problems ssh:ing with my private key when the user's. > > I run Debian Jessie, with (other than whatever Debian has done) > non-modified OpenSSH: > > $ aptitude show openssh-client |grep Version: > Version: 1:6.7p1-3 > > The problem is I get this fatal error without a remote connection being > made: > > $ ssh user at example.com > percent_expand: unknown key %/ > > My $HOME is "/srv/www/example.com/%". > > If I give the full path to the directory with the -i parameter I get the > same error. If I provide a relative path, with `pwd` equal to $HOME, it > works just fine: > > $ pwd > /srv/www/kulturhusfestivalen.se/% > $ ssh -i /srv/www/example.com/%/.ssh/id_rsa user at example.com > percent_expand: unknown key %/ > $ ssh -i .ssh/id_rsa user at example.com > The authenticity of host 'example.com'... > > So it boils down to the -i parsing with a percent sign (which doesn't > expand) it seems. Anyone else experiencing this or can reproduce it? > > -- > Mikael Nordfeldth > XMPP/mail: mmn at hethane.se > OpenPGP fpr: AE68 9813 0B7C FCE3 B2FA 727B C7CE 635B B52E 9B31 > >