[Bug 2561] New: ssh-keygen -A does not recreate broken zero-sized host keys
bugzilla-daemon at bugzilla.mindrot.org
Sun Apr 3 22:50:45 AEST 2016
https://bugzilla.mindrot.org/show_bug.cgi?id=2561
Bug ID: 2561
Summary: ssh-keygen -A does not recreate broken zero-sized host keys
Product: Portable OpenSSH
Version: 7.2p1
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: ssh-keygen
Assignee: unassigned-bugs at mindrot.org
Reporter: krzysztof.cieplucha at intel.com

In case something goes wrong during host key generation and zero-sized
files that should contain keys are left in the filesystem, ssh-keygen
run with the -A option does not try to re-generate those keys. As a
consequence the sshd daemon is unable to start because of the corrupted
keys, and users cannot access the machine remotely through ssh.

We have observed lots of such situations during large-scale
deployments. The root cause for corrupting keys is yet to be
determined, but ssh-keygen -A should take care of re-generating
evidently broken keys anyway.

A simple fix would be to check not only for key file existence, but
also for its size, and re-generate the key if it does not exist or it
exists but the file size is equal to zero.

The best approach would be to not only detect existence and size, but
also verify that the key is not corrupted.

--
You are receiving this mail because:
You are watching the assignee of the bug.
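
The three checks the report proposes (existence, size, and whether the key actually loads), as an added shell example that is not OpenSSH code and not part of the original report. The key-type list, the `.broken` suffix and the function names are assumptions, and host keys are assumed to carry no passphrase.

```shell
#!/bin/sh
# Added example, not OpenSSH code. Assumes passphrase-less host keys named
# ssh_host_<type>_key; the type list and ".broken" suffix are assumptions.
KEY_TYPES="rsa ecdsa ed25519"

# Print the state of one private key file: missing, empty, invalid or ok.
hostkey_state() {
    key=$1
    if [ ! -e "$key" ]; then
        echo missing
    elif [ ! -s "$key" ]; then
        echo empty      # exists with zero bytes: the case in this report
    elif ! ssh-keygen -y -P '' -f "$key" </dev/null >/dev/null 2>&1; then
        # Non-empty, but ssh-keygen cannot load it and derive the public key
        # (damaged contents, or ownership/permissions it refuses).
        echo invalid
    else
        echo ok
    fi
}

# Print "<state> <path>" for each expected host key in directory $1.
audit_hostkeys() {
    dir=${1:-/etc/ssh}
    for t in $KEY_TYPES; do
        echo "$(hostkey_state "$dir/ssh_host_${t}_key") $dir/ssh_host_${t}_key"
    done
}

# Move empty/invalid keys and their .pub files aside (nothing is deleted), so
# a later "ssh-keygen -A" finds them absent and generates replacements.
quarantine_broken_hostkeys() {
    audit_hostkeys "${1:-/etc/ssh}" | while read -r state key; do
        case $state in
        empty|invalid)
            mv -f "$key" "$key.broken"
            if [ -e "$key.pub" ]; then mv -f "$key.pub" "$key.pub.broken"; fi
            echo "quarantined $key ($state)" ;;
        esac
    done
}

# Usage: sh hostkey_audit.sh audit|quarantine [dir]
case ${1:-} in
    audit)      audit_hostkeys "${2:-/etc/ssh}" ;;
    quarantine) quarantine_broken_hostkeys "${2:-/etc/ssh}" ;;
esac
```

Running the `quarantine` mode before `ssh-keygen -A` in a provisioning step lets the existing existence-only check regenerate the keys that were moved aside.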