Nico Kadel-Garcia
2021-Mar-24 00:28 UTC
"ssh-keygen -R hostname" errors out with non-existent known_hosts
On Tue, Mar 23, 2021 at 7:01 PM Damien Miller <djm at mindrot.org> wrote:
>
> On Tue, 23 Mar 2021, Nico Kadel-Garcia wrote:
>
> > I've just run into what I consider a bug: If ~/.ssh/known_hosts does
> > not exist, and the account owner runs the command or their script
> > includes the command "ssh-keygen -R {hostname}", it reports an error
> > rather than reporting "oh, yes, the file was empty and therefore your
> > attempt to delete the hostname was unnecessary".
> >
> > If I want to delete a hostkey entry, and there is none to be found,
> > shouldn't that be considered a successful operation?
>
> I think the condition of known_hosts being absent is worth communicating.
> Maybe a different exit value for that case?

Exit 0, please. An absent known_hosts file doesn't contain the entry the "ssh-keygen -R hostname" entry is expected to remove, and the result should be considered a success for the command.

> diff --git a/ssh-keygen.c b/ssh-keygen.c > index a442dc8e..3f603163 100644 > --- a/ssh-keygen.c > +++ b/ssh-keygen.c > @@ -1305,8 +1305,14 @@ do_known_hosts(struct passwd *pw, const char *name, int find_host, > free(cp); > have_identity = 1; > } > - if (stat(identity_file, &sb) != 0) > - fatal("Cannot stat %s: %s", identity_file, strerror(errno)); > + if (stat(identity_file, &sb) != 0) { > + if (errno != ENOENT) { > + fatal("Cannot stat %s: %s", identity_file, > + strerror(errno)); > + } > + logit("Hosts file %s does not exist", identity_file); > + cleanup_exit(1); > + } > > memset(&ctx, 0, sizeof(ctx)); > ctx.out = stdout;
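Review bot: The new ENOENT branch in do_known_hosts() ends in cleanup_exit(1) without consulting the find_host argument visible in the hunk header, so (assuming find_host is what separates a lookup from a removal) both operations get the same status against a missing hosts file, and nothing in the hunk tells a calling script what 1 means. Since the thread is about whether removal from an absent file should count as success, consider branching on find_host at this point, and document the chosen exit value in the ssh-keygen manual page so scripts can rely on it. Minor style point: the braces around the single fatal() call inside `if (errno != ENOENT)` are not needed.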
Damien Miller
2021-Mar-24 01:10 UTC
"ssh-keygen -R hostname" errors out with non-existent known_hosts
On Tue, 23 Mar 2021, Nico Kadel-Garcia wrote:

> On Tue, Mar 23, 2021 at 7:01 PM Damien Miller <djm at mindrot.org> wrote:
> >
> > On Tue, 23 Mar 2021, Nico Kadel-Garcia wrote:
> >
> > > I've just run into what I consider a bug: If ~/.ssh/known_hosts does
> > > not exist, and the account owner runs the command or their script
> > > includes the command "ssh-keygen -R {hostname}", it reports an error
> > > rather than reporting "oh, yes, the file was empty and therefore your
> > > attempt to delete the hostname was unnecessary".
> > >
> > > If I want to delete a hostkey entry, and there is none to be found,
> > > shouldn't that be considered a successful operation?
> >
> > I think the condition of known_hosts being absent is worth communicating.
> > Maybe a different exit value for that case?
>
> Exit 0, please. An absent known_hosts file doesn't contain the entry
> the "ssh-keygen -R hostname" entry is expected to remove, and the
> result should be considered a success for the command.

I certainly don't agree. "grep foo /nonexistent" or "sed -i s/foo/bar /nonexistent" don't return status 0 either for exactly the same reason.

-d