[Bug 2561] New: ssh-keygen -A does not recreate broken zero-sized host keys

bugzilla-daemon at bugzilla.mindrot.org
Sun Apr 3 22:50:45 AEST 2016


https://bugzilla.mindrot.org/show_bug.cgi?id=2561

            Bug ID: 2561
           Summary: ssh-keygen -A does not recreate broken zero-sized host
                    keys
           Product: Portable OpenSSH
           Version: 7.2p1
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ssh-keygen
          Assignee: unassigned-bugs at mindrot.org
          Reporter: krzysztof.cieplucha at intel.com

In case something goes wrong during host key generation and there are
zero-sized files which should contain keys left in the filesystem,
ssh-keygen run with the -A option does not try to re-generate those keys.
As a consequence the sshd daemon is unable to start because of corrupted
keys and users cannot access the machine remotely through ssh.

We have observed lots of such situations during large-scale
deployments. The root cause for corrupting keys is yet to be
determined, but the ssh-keygen -A should take care of re-generating
evidently broken keys anyway.

A simple fix would be to check not only for key file existence, but also
for its size, and re-generate the key if it does not exist or it
exists but the file size is equal to zero.

The best approach would be to not only detect existence and size, but
also to verify that the key is not corrupted.
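As an added example (not from the bug report and not OpenSSH's own code), a wrapper script that implements the check the reporter proposes: a host key is regenerated when its file is missing, zero-sized, or cannot be loaded by ssh-keygen. The key directory, the key types and the backup naming are assumptions; the broken file is moved aside rather than deleted so it remains available for root-cause analysis.

```shell
#!/bin/sh
# Added example, not part of OpenSSH. KEY_DIR and KEY_TYPES are assumptions;
# adjust them to the host's sshd configuration.
KEY_DIR="${KEY_DIR:-/etc/ssh}"
KEY_TYPES="${KEY_TYPES:-rsa ecdsa ed25519}"

# Return 0 (true) if the host key file at $1 must be regenerated:
# missing, zero-sized, or (when ssh-keygen is installed) not loadable as
# an unencrypted private key.
hostkey_needs_regen() {
    f="$1"
    [ -e "$f" ] || return 0        # missing: the only case ssh-keygen -A handles today
    [ -s "$f" ] || return 0        # exists but empty: the case reported in this bug
    if command -v ssh-keygen >/dev/null 2>&1; then
        # -y reads the private key and prints its public half; it fails
        # on a truncated or otherwise corrupt file.
        ssh-keygen -y -f "$f" >/dev/null 2>&1 || return 0
    fi
    return 1
}

# Regenerate the host key of type $1 in KEY_DIR if it is broken, keeping
# the broken private and public files under a timestamped name.
regen_hostkey() {
    t="$1"
    f="$KEY_DIR/ssh_host_${t}_key"
    if hostkey_needs_regen "$f"; then
        for p in "$f" "$f.pub"; do
            [ -e "$p" ] && mv "$p" "$p.broken.$(date +%s)"
        done
        ssh-keygen -q -t "$t" -N '' -f "$f" && echo "regenerated $f"
    fi
}

main() {
    for t in $KEY_TYPES; do
        regen_hostkey "$t"
    done
}

# Run the repair loop only when invoked explicitly, e.g. before starting sshd.
if [ "${1:-}" = "--run" ]; then
    main
fi
```

Run as root with `--run` before starting sshd; the check function alone can be sourced to audit a key directory without changing anything.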
