openssh unix dev - Mar 2021 - "ssh-keygen -R hostname" errors out with non-existent known_hosts

On Tue, Mar 23, 2021 at 7:01 PM Damien Miller <djm at mindrot.org>
wrote:
>
> On Tue, 23 Mar 2021, Nico Kadel-Garcia wrote:
>
> > I've just run into what I consider a bug: If ~/.ssh/known_hosts
does
> > not exist, and the account owner runs the command or their script
> > includes the command "ssh-keygen -R {hostname}", it reports
an error
> > rather than reporting "oh, yes, the file was empty and therefore
your
> > attempt to delete the hostname was unnecessary".
> >
> > If I want to delete a hostkey entry, and there is none to be found,
> > shouldn't that be considered a successful operation?
>
> I think the condition of known_hosts being absent is worth communicating.
> Maybe a different exit value for that case?
Exit 0, please. An absent known_hosts file doesn't contain the entry
the "ssh-keygen -R hostname" entry is expected to remove, and the
result should be considered a success for the command.
> diff --git a/ssh-keygen.c b/ssh-keygen.c
> index a442dc8e..3f603163 100644
> --- a/ssh-keygen.c
> +++ b/ssh-keygen.c
> @@ -1305,8 +1305,14 @@ do_known_hosts(struct passwd *pw, const char *name,
int find_host,
>                 free(cp);
>                 have_identity = 1;
>         }
> -       if (stat(identity_file, &sb) != 0)
> -               fatal("Cannot stat %s: %s", identity_file,
strerror(errno));
> +       if (stat(identity_file, &sb) != 0) {
> +               if (errno != ENOENT) {
> +                       fatal("Cannot stat %s: %s",
identity_file,
> +                           strerror(errno));
> +               }
> +               logit("Hosts file %s does not exist",
identity_file);
> +               cleanup_exit(1);
> +       }
>
>         memset(&ctx, 0, sizeof(ctx));
>         ctx.out = stdout;

On Tue, 23 Mar 2021, Nico Kadel-Garcia wrote:
> On Tue, Mar 23, 2021 at 7:01 PM Damien Miller <djm at mindrot.org>
wrote:
> >
> > On Tue, 23 Mar 2021, Nico Kadel-Garcia wrote:
> >
> > > I've just run into what I consider a bug: If
~/.ssh/known_hosts does
> > > not exist, and the account owner runs the command or their script
> > > includes the command "ssh-keygen -R {hostname}", it
reports an error
> > > rather than reporting "oh, yes, the file was empty and
therefore your
> > > attempt to delete the hostname was unnecessary".
> > >
> > > If I want to delete a hostkey entry, and there is none to be
found,
> > > shouldn't that be considered a successful operation?
> >
> > I think the condition of known_hosts being absent is worth
communicating.
> > Maybe a different exit value for that case?
> 
> Exit 0, please. An absent known_hosts file doesn't contain the entry
> the "ssh-keygen -R hostname" entry is expected to remove, and the
> result should be considered a success for the command.
I certainly don't agree.

"grep foo /nonexistent" or "sed -i s/foo/bar /nonexistent"
don't return
status 0 either for exactly the same reason.

-d