[Touch-packages] [Bug 1668093] Re: ssh-keygen -H corrupts already hashed entries

This bug was fixed in the package openssh - 1:7.2p2-4ubuntu2.2 --- openssh (1:7.2p2-4ubuntu2.2) xenial; urgency=medium * Fix ssh-keygen -H accidentally corrupting known_hosts that contained already-hashed entries (LP: #1668093). * Fix ssh-keyscan to correctly hash hosts with

[Touch-packages] [Bug 1668093] Re: ssh-keygen -H corrupts already hashed entries

This bug was fixed in the package openssh - 1:7.3p1-1ubuntu0.1 --- openssh (1:7.3p1-1ubuntu0.1) yakkety; urgency=medium * Fix ssh-keygen -H accidentally corrupting known_hosts that contained already-hashed entries (LP: #1668093). * Fix ssh-keyscan to correctly hash hosts with

[Touch-packages] [Bug 1668093] Re: ssh-keygen -H corrupts already hashed entries

Prior to the update I had a diff when rehashing like: $ ssh-keyscan 10.245.71.133 > ~/.ssh/known_hosts; for i in $(seq 1 20); do ssh-keygen -H; diff -Naur ~/.ssh/known_hosts.old ~/.ssh/known_hosts; done Removing the known_hosts file and upgrading to proposed version. After the update I see one

[Touch-packages] [Bug 1668093] Re: ssh-keygen -H corrupts already hashed entries

Hello Sarah, or anyone else affected, Accepted openssh into yakkety-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openssh/1:7.3p1-1ubuntu0.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See

[Touch-packages] [Bug 1668093] Re: ssh-keygen -H corrupts already hashed entries

** Changed in: openssh (Ubuntu) Assignee: (unassigned) => Colin Watson (cjwatson) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1668093 Title: ssh-keygen -H

[Touch-packages] [Bug 1668093] Re: ssh-keygen -H corrupts already hashed entries

I've hit the publish buttons now. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1668093 Title: ssh-keygen -H corrupts already hashed entries Status in openssh package

[Touch-packages] [Bug 1668093] Re: ssh-keygen -H corrupts already hashed entries

** Changed in: openssh (Ubuntu Xenial) Assignee: (unassigned) => ChristianEhrhardt (paelzer) ** Changed in: openssh (Ubuntu Yakkety) Assignee: (unassigned) => ChristianEhrhardt (paelzer) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages,

[Touch-packages] [Bug 1668093] Re: ssh-keygen -H corrupts already hashed entries

Great, I see zesty has the fix that works through tests now - thanks cjwatson! Colin could you hit publish on the bileto tickets then to kick of the related SRUs into unapproved? (I'm also subscribing sponsors in case you have no time) Bileto references: Xenial:

[Touch-packages] [Bug 1668093] Re: ssh-keygen -H corrupts already hashed entries

This bug was fixed in the package openssh - 1:7.4p1-9 --- openssh (1:7.4p1-9) unstable; urgency=medium * Fix null pointer dereference in ssh-keygen; this fixes an autopkgtest regression introduced in 1:7.4p1-8. -- Colin Watson Thu, 16 Mar 2017 13:43:15

[Touch-packages] [Bug 1668093] Re: ssh-keygen -H corrupts already hashed entries

Thanks Colin, I have new bileto tickets with all the fixes prepared: Xenial: https://bileto.ubuntu.com/#/ticket/2597 Yakkety: https://bileto.ubuntu.com/#/ticket/2598 Although things looked good on testing at first (local amd64), you can see there that arm and s390x seem to fail now. ARM: run

[Touch-packages] [Bug 1668093] Re: ssh-keygen -H corrupts already hashed entries

I've uploaded 1:7.4p1-9 to unstable to fix this, and will sync it once I can. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1668093 Title: ssh-keygen -H corrupts already

[Touch-packages] [Bug 1668093] Re: ssh-keygen -H corrupts already hashed entries

Was my guess as well, in a bit I'll be able to test and confirm. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1668093 Title: ssh-keygen -H corrupts already hashed

[Touch-packages] [Bug 1668093] Re: ssh-keygen -H corrupts already hashed entries

Yep, that seems to do the job here; thanks for narrowing it down. Cherry-picking and then I'll do a full adt-run before uploading again. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu.

[Touch-packages] [Bug 1668093] Re: ssh-keygen -H corrupts already hashed entries

I'm still setting up my own test environment since I've been doing other things this morning, but I'd guess at https://anongit.mindrot.org/openssh.git/commit/?id=18501151cf272a15b5f2c5e777f2e0933633c513 in that case. -- You received this bug notification because you are a member of Ubuntu Touch

[Touch-packages] [Bug 1668093] Re: ssh-keygen -H corrupts already hashed entries

Upstream has made no change to the tests since then. I'd have expected upstream to fail as well, but it seems to not fail. On latest upstream: autoreconf -f -i ./configure make -j mkdir /var/empty cd regress $ PATH=`pwd`/..:$PATH:. TEST_SHELL=/bin/sh sh test-exec.sh `pwd` keygen-knownhosts.sh

[Touch-packages] [Bug 1668093] Re: ssh-keygen -H corrupts already hashed entries

Testing and shell into SRU for Xenial (others have the same, so just one is ok) Former Version: $ autopkgtest --apt-upgrade --shell --no-built-binaries openssh_7.2p2-4ubuntu2.1.dsc -- lxd ubuntu-daily:xenial/amd64 New Version: $ autopkgtest --apt-upgrade --shell

[Touch-packages] [Bug 1668093] Re: ssh-keygen -H corrupts already hashed entries

Yes I've seen this in the Debian upload as well, I'll bundle it - thanks for the heads up. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1668093 Title: ssh-keygen -H

[Touch-packages] [Bug 1668093] Re: ssh-keygen -H corrupts already hashed entries

Thanks, I'll look into this at the Debian end as soon as I can. I'd suggest bundling fixes for bug 1670745 with any SRUs where it's relevant; I intended those to go together. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to

[Touch-packages] [Bug 1668093] Re: ssh-keygen -H corrupts already hashed entries

Can now reproduce locally (was my fault), debugging further by isolating the testcase from the regress suite -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1668093 Title:

[Touch-packages] [Bug 1668093] Re: ssh-keygen -H corrupts already hashed entries

First I checked if the change that got into Debian matches mine that I prepared for SRU - they do. I triggered a local autopkgtest of pre/post SRU upload locally and while that was running evaluated the history of these tests in Ubuntu and Debian. It seems to fail in Debian just as much, while

[Touch-packages] [Bug 1668093] Re: ssh-keygen -H corrupts already hashed entries

My first guess is that all non openssh fails are random transient issues, but the openssh test itself seems to be related - test is "failed ssh-keygen known_hosts". Maybe some expected content did not match, I'll look into that tomorrow. @cjwatson - did you have anything like that on your

[Touch-packages] [Bug 1668093] Re: ssh-keygen -H corrupts already hashed entries

I did prepare in Bileto: https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/2585 https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/2586 Associated autopkgtests ran fine: https://bileto.ubuntu.com/excuses/2585/xenial.html Also the openssh tests of the QA Test suite

[Touch-packages] [Bug 1668093] Re: ssh-keygen -H corrupts already hashed entries

** Changed in: openssh (Debian) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1668093 Title: ssh-keygen -H corrupts already

[Touch-packages] [Bug 1668093] Re: ssh-keygen -H corrupts already hashed entries

Discussed with cjwatson, the Debian upload to unstable will happen today and a sync to Zesty will follow. So it is about preparing the SRUs and pushing them to unapproved once the sync came in. ** Description changed: + [Impact] + + * re-execution of ssh-keygen -H can clobber known-hosts +

[Touch-packages] [Bug 1668093] Re: ssh-keygen -H corrupts already hashed entries

** Tags added: patch server-next -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1668093 Title: ssh-keygen -H corrupts already hashed entries Status in openssh package in

[Touch-packages] [Bug 1668093] Re: ssh-keygen -H corrupts already hashed entries

** Changed in: openssh (Debian) Status: Unknown => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1668093 Title: ssh-keygen -H corrupts already

[Touch-packages] [Bug 1668093] Re: ssh-keygen -H corrupts already hashed entries

Thanks - I'll cherry-pick that into Debian, so zesty will get the fix. I'd appreciate somebody else handling SRUs, though. ** Bug watch added: Debian Bug tracker #851734 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851734 ** Changed in: openssh (Debian) Importance: Undecided => Unknown

[Touch-packages] [Bug 1668093] Re: ssh-keygen -H corrupts already hashed entries

This was fixed upstream in this commit https://anongit.mindrot.org/openssh.git/commit/?id=12d3767ba4c84c32150cbe6ff6494498780f12c9 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu.

[Touch-packages] [Bug 1668093] Re: ssh-keygen -H corrupts already hashed entries

Yes, I will report the bug upstream within the next few days if nobody else reports it first. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1668093 Title: ssh-keygen -H

[Touch-packages] [Bug 1668093] Re: ssh-keygen -H corrupts already hashed entries

** Changed in: openssh (Ubuntu) Status: Confirmed => Triaged ** Changed in: openssh (Ubuntu) Importance: Undecided => Medium ** Also affects: openssh (Debian) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch

[Touch-packages] [Bug 1668093] Re: ssh-keygen -H corrupts already hashed entries

On git://anongit.mindrot.org/openssh.git With bisect helper: $cat ../test-ssh.sh #!/bin/bash set -ux make clean autoreconf && ./configure && make -j4 if [[ $? -ne 0 ]]; then # skip build issue exit 125 fi rm ~/.ssh/known_hosts /root/.ssh/known_hosts.old /root/.ssh/known_hosts

[Touch-packages] [Bug 1668093] Re: ssh-keygen -H corrupts already hashed entries

As I expected it also affects Debian (openssh-client 1:7.4p1-6) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1668093 Title: ssh-keygen -H corrupts already hashed

[Touch-packages] [Bug 1668093] Re: ssh-keygen -H corrupts already hashed entries

Building and testing latest released upstream https://mirror.hs-esslingen.de/pub/OpenBSD/OpenSSH/portable/openssh-7.4p1.tar.gz autoreconf && ./configure && make -j 4 And Testing local ./ssh-keygen just built. To make sure lib dependencies are not the one that introduce this I built this on

[Touch-packages] [Bug 1668093] Re: ssh-keygen -H corrupts already hashed entries

Thank you for taking the time to report this bug and helping to make Ubuntu better. I appreciate the quality of this bug report and I'm sure it'll be helpful to others experiencing the same issue. As I proved in my checks this is an upstream bug. OTOH while annoying it is not "very" fatal other

[Touch-packages] [Bug 1668093] Re: ssh-keygen -H corrupts already hashed entries

Confirmed to not affect Trusty (as reported) (openssh-client 1:6.6p1-2ubuntu2) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1668093 Title: ssh-keygen -H corrupts

[Touch-packages] [Bug 1668093] Re: ssh-keygen -H corrupts already hashed entries

Confirmed to be also broken in Zesty (openssh-client 1:7.4p1-6) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1668093 Title: ssh-keygen -H corrupts already hashed

[Touch-packages] [Bug 1668093] Re: ssh-keygen -H corrupts already hashed entries

And the behavior is clearly against what the manpage says: -H Hash a known_hosts file. This replaces all hostnames and addresses with hashed representations within the specified file; the original content is moved to a file with a .old suffix. These hashes may be used normally by ssh and

[Touch-packages] [Bug 1668093] Re: ssh-keygen -H corrupts already hashed entries

Hi, thank you a lot for the good debugging steps! I can totally confirm the issue. Need to check with upstream and Debian versions later. ** Changed in: openssh (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded