Thank you for taking the time to report this bug while providing a good
reproducer.

I was able to reproduce in Focal and Bionic:

# ssh-keyscan github.com >test_known_hosts
# ls -la test_known_hosts

-rw-r--r-- 1 root root 656 Mar 28 14:24 test_known_hosts

# ssh-keygen -R github.com -f test_known_hosts

test_known_hosts updated.
Original contents retained as test_known_hosts.old

# ls -la test_known_hosts 
-rw------- 1 root root 0 Mar 28 14:25 test_known_hosts


However in Jammy and Impish this is fixed:

# ssh-keyscan github.com >test_known_hosts
# ls -la test_known_hosts

-rw-r--r-- 1 root root 656 Mar 28 14:30 test_known_hosts

# ssh-keygen -R github.com -f test_known_hosts

test_known_hosts updated.
Original contents retained as test_known_hosts.old

# ls -la test_known_hosts 
-rw-r--r-- 1 root root 0 Mar 28 14:31 test_known_hosts


With this already being fixed in the newer releases, it should just be a matter
of finding the relevant commit and adding it to focal and bionic.

Thanks

** Also affects: openssh (Ubuntu Impish)
   Importance: Undecided
       Status: New

** Also affects: openssh (Ubuntu Focal)
   Importance: Undecided
       Status: New

** Also affects: openssh (Ubuntu Jammy)
   Importance: Undecided
       Status: New

** Also affects: openssh (Ubuntu Bionic)
   Importance: Undecided
       Status: New

** Changed in: openssh (Ubuntu Impish)
       Status: New => Fix Released

** Changed in: openssh (Ubuntu Jammy)
       Status: New => Fix Released

** Changed in: openssh (Ubuntu Bionic)
       Status: New => Confirmed

** Changed in: openssh (Ubuntu Focal)
       Status: New => Confirmed

** Tags added: server-todo

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1966591

Title:
  ssh-keygen -R changes known_hosts file permissions (mode)

Status in openssh package in Ubuntu:
  Fix Released
Status in openssh source package in Bionic:
  Confirmed
Status in openssh source package in Focal:
  Confirmed
Status in openssh source package in Impish:
  Fix Released
Status in openssh source package in Jammy:
  Fix Released

Bug description:
  When I use ssh-keygen -R to remove a host from known_hosts it changes
  permissions on the file. This causes problems particularly when used
  on the global known hosts file (/etc/ssh/ssh_known_hosts), because
  then only root can read it. Programs running non-interactively as non-
  root users suddenly fail to SSH and it's not immediately obvious why.

  To reproduce:

  $ ssh-keyscan github.com >test_known_hosts
  $ chmod 741 test_known_hosts
  $ ssh-keygen -R github.com -f test_known_hosts
  $ stat test_known_hosts
  ...
  Access: (0600/-rw-------) ...

  Expected behavior: file permissions remain unchanged (mode 0741 in
  this example).

  $ lsb_release -rd
  Description:  Ubuntu 18.04.6 LTS
  Release:      18.04

  $ apt-cache policy openssh-client
  openssh-client:
    Installed: 1:7.6p1-4ubuntu0.6

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1966591/+subscriptions
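
A workaround for the affected releases, added here as an example and not part of the bug report or of OpenSSH: a small wrapper records the file mode before ssh-keygen -R runs and restores it afterwards if it changed. The names keep_mode and remove_known_host are hypothetical, and stat -c assumes GNU coreutils as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example: run a command that rewrites FILE, then restore FILE's
# original permission bits if the command changed them.
# keep_mode and remove_known_host are hypothetical helper names.

# usage: keep_mode FILE COMMAND [ARGS...]
keep_mode() {
    km_file=$1
    shift
    if [ ! -f "$km_file" ]; then
        echo "keep_mode: $km_file: not a regular file" >&2
        return 2
    fi
    # Octal mode before the rewrite, e.g. 644 or 741.
    km_before=$(stat -c '%a' "$km_file") || return 2

    # Run the wrapped command and keep its exit status (safe under set -e).
    km_rc=0
    "$@" || km_rc=$?

    # The command may have replaced the file, so stat it again.
    if [ -f "$km_file" ]; then
        km_after=$(stat -c '%a' "$km_file") || return 2
        if [ "$km_after" != "$km_before" ]; then
            chmod "$km_before" "$km_file" || return 2
            echo "keep_mode: $km_file: mode $km_after reset to $km_before" >&2
        fi
    fi
    return "$km_rc"
}

# usage: remove_known_host HOST FILE
# Same command as in the reproducer, wrapped so the mode survives.
remove_known_host() {
    keep_mode "$2" ssh-keygen -R "$1" -f "$2"
}
```

For the global file from the report this would be called as remove_known_host github.com /etc/ssh/ssh_known_hosts, run as root.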

