[Debian bug 781107] ssh-keygen -F return code has changed and is not documented

Matthew Vernon matthew at debian.org
Wed Mar 25 05:28:52 AEDT 2015


Hi,

I tripped over the effects of commit 660854 [0] when moving some
infrastructure from Debian 7 to 8 (openssh 6.0 to 6.7); our ansible
module used "return 0, but no output" for 'host not found in known_hosts
file', and now complains that ssh-keygen is returning an error status. I
don't think this change in API was announced in the release notes?

i.e. ssh-keygen -F foo.invalid -f ~/.ssh/known_hosts used to return 0
(and no output), and now returns 1 (and no output).

Is the non-zero return code really helpful here? Much infrastructure
will have to support the old API for the foreseeable future, and I'm not
sure it's really an error condition for a host to not be in the
known_hosts file.

Less controversially, could the return values of ssh-keygen and their
meanings be documented (and flagged when they change), please?

Regards,

Matthew

[0]
https://anongit.mindrot.org/openssh.git/commit/?id=660854859cad31d234edb9353fb7ca2780df8128
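
The message above reports no output for a missing host in both cases, with exit status 0 before the change and 1 after it, so a caller gets the same answer on either version by testing the output rather than the status. A shell function doing that, added here as an example and not part of the original message or of OpenSSH; `host_known` and the `KEYGEN` override are names assumed for this example:

```shell
#!/bin/sh
# Added example: decide "is this host in known_hosts?" from what
# ssh-keygen -F prints, not from its exit status, so the answer is the
# same whether a missing host yields status 0 or status 1.

# KEYGEN is an assumption of this example: it lets the command be
# replaced (e.g. by a stub in tests). It defaults to the real ssh-keygen.
KEYGEN=${KEYGEN:-ssh-keygen}

# host_known HOST [KNOWN_HOSTS_FILE]
#   returns 0  host has an entry
#   returns 1  host has no entry
#   returns 2  lookup could not be performed (bad arguments, unreadable file)
host_known() {
    hk_host=$1
    hk_file=${2:-$HOME/.ssh/known_hosts}

    # Keep real failures distinct from "not found" instead of relying on
    # the exit status to separate them.
    [ -n "$hk_host" ] || return 2
    [ -r "$hk_file" ] || return 2

    # Capture stdout only. The exit status is deliberately discarded:
    # for a missing host it is 0 or 1 depending on the version.
    hk_out=$("$KEYGEN" -F "$hk_host" -f "$hk_file" 2>/dev/null) || true

    # A match prints the matching entry; a miss prints nothing.
    [ -n "$hk_out" ]
}

# Usage in a provisioning script:
#   if host_known foo.invalid; then echo present; else echo absent; fi
```
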

