[Debian bug 781107] ssh-keygen -F return code has changed and is not documented

Damien Miller djm at mindrot.org
Wed Mar 25 09:53:54 AEDT 2015


On Tue, 24 Mar 2015, Matthew Vernon wrote:

> Hi,
> 
> I tripped over the effects of commit 660854 [0] when moving some
> infrastructure from Debian 7 to 8 (openssh 6.0 to 6.7); our ansible
> module used "return 0, but no output" for 'host not found in known_hosts
> file', and now complains that ssh-keygen is returning an error status. I
> don't think this change in API was announced in the release notes?
> 
> i.e. ssh-keygen -F foo.invalid -f ~/.ssh/known_hosts used to return 0
> (and no output), and now returns 1 (and no output).
> 
> Is the non-zero return code really helpful here?

Yes, it lets you tell whether the hostname is present in known_hosts.

> Less controversially, could the return values of ssh-keygen and their
> meanings be documented (and flagged when they change), please?

Sure, someone has to do the work though.

-d
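
Added example (not part of the original message and not OpenSSH project code): a POSIX shell wrapper that decides host presence from the output of `ssh-keygen -F` first, so a caller gets the same answer under both behaviours described in this thread (exit 0 or exit 1, with no output, when the host is absent). The function name `known_host_status`, the `SSH_KEYGEN` override variable and the treatment of any other exit status as an error are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: version-tolerant wrapper around `ssh-keygen -F`.

# Command to run; overridable so the wrapper can be exercised with a stub
# (assumption of this example, not an OpenSSH setting).
SSH_KEYGEN="${SSH_KEYGEN:-ssh-keygen}"

# known_host_status HOST FILE
# Prints: present | absent | error
# Returns: 0 (present), 1 (absent), 2 (error)
known_host_status() {
    kh_host=$1
    kh_file=$2

    # Check the file ourselves so an unreadable known_hosts is never
    # reported as "host absent".
    if [ ! -r "$kh_file" ]; then
        echo error
        return 2
    fi

    # Capture output and status together; the && / || form keeps this
    # safe when the caller runs under `set -e`.
    kh_out=$("$SSH_KEYGEN" -F "$kh_host" -f "$kh_file" 2>/dev/null) \
        && kh_rc=0 || kh_rc=$?

    # Matching lines printed: the host is present under either behaviour.
    if [ -n "$kh_out" ]; then
        echo present
        return 0
    fi

    case $kh_rc in
        0|1)
            # No output: status 0 is the older behaviour from the thread,
            # status 1 the newer one. Both mean "not found".
            echo absent
            return 1
            ;;
        *)
            # Anything else (e.g. 127, command missing) is treated as an
            # error by this example rather than as "absent".
            echo error
            return 2
            ;;
    esac
}
```

Automation that keys only on the exit status breaks when the status changes, as described above; keying on the printed match and treating unexpected statuses as errors avoids silently adding or skipping host keys.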


More information about the openssh-unix-dev mailing list