"ssh-keygen -R hostname" errors out with non-existent known_hosts
Nico Kadel-Garcia
nkadel at gmail.com
Wed Mar 24 11:28:10 AEDT 2021
On Tue, Mar 23, 2021 at 7:01 PM Damien Miller <djm at mindrot.org> wrote:
>
> On Tue, 23 Mar 2021, Nico Kadel-Garcia wrote:
>
> > I've just run into what I consider a bug: If ~/.ssh/known_hosts does
> > not exist, and the account owner runs the command or their script
> > includes the command "ssh-keygen -R {hostname}", it reports an error
> > rather than reporting "oh, yes, the file was empty and therefore your
> > attempt to delete the hostname was unnecessary".
> >
> > If I want to delete a hostkey entry, and there is none to be found,
> > shouldn't that be considered a successful operation?
>
> I think the condition of known_hosts being absent is worth communicating.
> Maybe a different exit value for that case?
Exit 0, please. An absent known_hosts file doesn't contain the entry
the "ssh-keygen -R hostname" entry is expected to remove, and the
result should be considered a success for the command.
> diff --git a/ssh-keygen.c b/ssh-keygen.c
> index a442dc8e..3f603163 100644
> --- a/ssh-keygen.c
> +++ b/ssh-keygen.c
> @@ -1305,8 +1305,14 @@ do_known_hosts(struct passwd *pw, const char *name, int find_host,
> free(cp);
> have_identity = 1;
> }
> - if (stat(identity_file, &sb) != 0)
> - fatal("Cannot stat %s: %s", identity_file, strerror(errno));
> + if (stat(identity_file, &sb) != 0) {
> + if (errno != ENOENT) {
> + fatal("Cannot stat %s: %s", identity_file,
> + strerror(errno));
> + }
> + logit("Hosts file %s does not exist", identity_file);
> + cleanup_exit(1);
> + }
>
> memset(&ctx, 0, sizeof(ctx));
> ctx.out = stdout;
More information about the openssh-unix-dev
mailing list