OpenSSH 6.4, "ssh-add -l", output to non-tty

Phil Pennock phil.pennock at
Fri Apr 18 02:32:57 EST 2014

On 2014-04-17 at 12:46 +0200, Peter Stuge wrote:
> Phil Pennock wrote:
> > stdio buffering, not in line-buffering mode, not flushed before
> > `fatal()` call.
> > 
> > Obvious in retrospect.  Bug?
> I think it seems good to add two fflush() calls to fatal().

What happens if fatal() is called from some place in a network speaker
where the caller has decided to exit immediately for security reasons?
(You might be right: this is an honest question from ignorance on my

It looks like openssh is already doing portability/brokenness checks to
end up with a working setlinebuf() call.  Switching ssh-add to be
line-buffered when working with key conversion formats might conceivably
affect broken tools, but it should be safe for list_identities() to do

But this assumes that the remote agent will always have older, more
broadly supported, key formats loaded first; true for a single
invocation of 'ssh-add' loading one set of keys in default order, but
buggy.  It might be better to instead give key_fingerprint() a flag to
avoid fatal()?

diff --git a/ssh-add.c b/ssh-add.c
index 3421452..9bf5f21 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -324,6 +324,9 @@ list_identities(AuthenticationConnection *ac, int do_fp)
 	int had_identities = 0;
 	int version;
+	/* key_fingerprint() can fatal() */
+	setlinebuf(stdout);
 	for (version = 1; version <= 2; version++) {
 		for (key = ssh_get_first_identity(ac, &comment, version);
 		    key != NULL;

More information about the openssh-unix-dev mailing list