"ssh-keygen -R hostname" errors out with non-existent known_hosts

Damien Miller djm at mindrot.org
Wed Mar 24 10:01:21 AEDT 2021


On Tue, 23 Mar 2021, Nico Kadel-Garcia wrote:

> I've just run into what I consider a bug: If ~/.ssh/known_hosts does
> not exist, and the account owner runs the command or their script
> includes the command "ssh-keygen -R {hostname}", it reports an error
> rather than reporting "oh, yes, the file was empty and therefore your
> attempt to delete the hostname was unnecessary".
> 
> If I want to delete a hostkey entry, and there is none to be found,
> shouldn't that be considered a successful operation?

I think the condition of known_hosts being absent is worth communicating.
Maybe a different exit value for that case?


diff --git a/ssh-keygen.c b/ssh-keygen.c
index a442dc8e..3f603163 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1305,8 +1305,14 @@ do_known_hosts(struct passwd *pw, const char *name, int find_host,
 		free(cp);
 		have_identity = 1;
 	}
-	if (stat(identity_file, &sb) != 0)
-		fatal("Cannot stat %s: %s", identity_file, strerror(errno));
+	if (stat(identity_file, &sb) != 0) {
+		if (errno != ENOENT) {
+			fatal("Cannot stat %s: %s", identity_file,
+			    strerror(errno));
+		}
+		logit("Hosts file %s does not exist", identity_file);
+		cleanup_exit(1);
+	}
 
 	memset(&ctx, 0, sizeof(ctx));
 	ctx.out = stdout;
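Review bot: the reply proposes a distinct exit value for the missing-file case, but the hunk exits with `cleanup_exit(1)`; it is worth confirming that 1 is not already the status returned by other failure paths in do_known_hosts and documenting the new status in the ssh-keygen manual page so scripts can distinguish "file absent" from "entry not found" or a genuine error. Note also that the new ENOENT branch sits before the mode dispatch, so it applies to every known_hosts operation handled by this function (find, hash and remove), not only `-R`; if that is intended, a comment on the branch saying so would help the next reader, and the `logit("Hosts file %s does not exist", identity_file)` message could name the operation that was skipped.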

