Package: openssh-client
Version: 1:8.4p1-5+deb11u2
Severity: normal
File: /usr/bin/ssh-keygen

Dear Maintainer,

   * What led up to the situation?

Trying to execute:
 ssh-keygen -f "/home/mnalis/.ssh/known_hosts" -R ""

(exact command as suggested by ssh itself because host key changed, 
 probably due to

   * What exactly did you do (or not do) that was effective (or

Tried on another machine with openssh-client 1:9.4p1-1, the same problem is
present there for this known_hosts file too.  Manually editing the file and
removing line 200 works around the specific instance of the problem, but
"ssh-keygen -R" remains unusable. I assume that manually removing all 
lines detected as "invalid line" would also allow ssh-keygen to proceed, 
but I have not tested it.

   * What was the outcome of this action?

ssh-keygen refuses to update known_hosts with the following error:

% ssh-keygen -f "/home/mnalis/.ssh/known_hosts" -R ""
/home/mnalis/.ssh/known_hosts:1: invalid line
/home/mnalis/.ssh/known_hosts:2: invalid line
/home/mnalis/.ssh/known_hosts:4: invalid line
/home/mnalis/.ssh/known_hosts:16: invalid line
/home/mnalis/.ssh/known_hosts:17: invalid line
# Host found: line 200
/home/mnalis/.ssh/known_hosts is not a valid known_hosts file.
Not replacing existing known_hosts file because of errors

Here is what the first 4 lines of that known_hosts file look like:

|1|DCvQVwzVexcX3Mau1D5fZmVKruM=|soAN7Mhjth9ExnFxG47y++6LLHg= 1024 35 
|1|amNEFjA4gEiPAJp/hZepdJ1a38A=|3r0i0zg3DJ9iiaAcpdPfLNrhUrw= 1024 35 
|1|+Q0EQTlTQeJ0jfLrk4Bhhyq7tic=|OtfKGw6dQ8Sw3BsH3MsRxj/+am8= ssh-rsa 
|1|zlwmrL64HaBaMTElBLAjB5wfiNE=|aqU2HeyZ00Nb16tHDcnZF/KALYI= 1024 35 

The machine on which that known_hosts exists has been updated for many Debian
versions (at least from Squeeze, probably from Woody).  I seem to recall
that the known_hosts contained plaintext FQDNs back in the day, and then
some version decided to convert them to the currently used hashed format.

It seems that not all lines that were converted are recognized by recent
openssh versions.

   * What outcome did you expect instead?

that the offending line at line 200 is removed.

-- System Information:
Debian Release: 11.8
  APT prefers oldstable-security
  APT policy: (500, 'oldstable-security'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-26-amd64 (SMP w/2 CPU threads)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages openssh-client depends on:
ii  adduser           3.118+deb11u1
ii  dpkg              1.20.13
ii  libc6             2.31-13+deb11u7
ii  libedit2          3.1-20191231-2+b1
ii  libfido2-1        1.6.0-2
ii  libgssapi-krb5-2  1.18.3-6+deb11u4
ii  libselinux1       3.1-3
ii  libssl1.1         1.1.1w-0+deb11u1
ii  passwd            1:4.8.1-1
ii  zlib1g            1:1.2.11.dfsg-2+deb11u2

Versions of packages openssh-client recommends:
ii  xauth  1:1.1-1

Versions of packages openssh-client suggests:
pn  keychain                         <none>
pn  libpam-ssh                       <none>
pn  monkeysphere                     <none>
ii  ssh-askpass-gnome [ssh-askpass]  1:8.4p1-5+deb11u2

-- no debconf information
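
An added example, not part of the original report and not OpenSSH code: a small audit script that separates known_hosts lines like those listed above into the current "hosts keytype base64-key" form and the older "hosts bits exponent modulus" form. It assumes the "1024 35" entries are legacy SSH protocol 1 RSA keys; the function names and the sample lines are constructed for illustration.

```python
import base64
import binascii
import struct

def classify_line(line):
    """Return 'skip', 'legacy-rsa1', 'modern' or 'unrecognized' for one line."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return "skip"                      # blank line or comment
    if fields[0] in ("@cert-authority", "@revoked"):
        fields = fields[1:]                # optional marker precedes the hosts field
    if len(fields) >= 4 and all(f.isdigit() for f in fields[1:4]):
        return "legacy-rsa1"               # hosts bits exponent modulus (assumed SSH1)
    if len(fields) >= 3:
        try:
            blob = base64.b64decode(fields[2], validate=True)
            (n,) = struct.unpack(">I", blob[:4])
            if blob[4:4 + n] == fields[1].encode():
                return "modern"            # type name inside the blob matches the field
        except (binascii.Error, struct.error):
            pass
    return "unrecognized"

def audit(text):
    """Split known_hosts text into (kept_lines, [(lineno, kind), ...])."""
    kept, flagged = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        kind = classify_line(line)
        if kind in ("skip", "modern"):
            kept.append(line)
        else:
            flagged.append((lineno, kind))
    return kept, flagged

def _blob(keytype):
    """Constructed public-key blob: length-prefixed type name plus 32 zero bytes."""
    body = struct.pack(">I", len(keytype)) + keytype.encode()
    return base64.b64encode(body + struct.pack(">I", 32) + bytes(32)).decode()

# Constructed sample input; the host hashes and key material are not real.
SAMPLE = "\n".join([
    "|1|c2FsdC1vbmU=|aGFzaC1vbmU= 1024 35 1234567890123456789",
    "# constructed comment line",
    "|1|c2FsdC10d28=|aGFzaC10d28= ssh-ed25519 " + _blob("ssh-ed25519"),
    "host.example ssh-rsa not-base64!!",
])

if __name__ == "__main__":
    kept, flagged = audit(SAMPLE)
    for lineno, kind in flagged:
        print(f"line {lineno}: {kind}")
    print(f"{len(kept)} line(s) would be kept")
```

Run it against a copy of the file and review the flagged line numbers before removing anything from the real known_hosts.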

