Bug 1724672
| Summary: | ssh_session_has_known_hosts_entry() regressed in 0.8.91 | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Martin Pitt <mpitt> |
| Component: | libssh | Assignee: | Anderson Sasaki <ansasaki> |
| Status: | CLOSED ERRATA | QA Contact: | Ivan Nikolchev <inikolch> |
| Severity: | urgent | Priority: | high |
| Version: | 8.1 | CC: | afedorova, inikolch, mmarusak, stefw |
| Target Milestone: | rc | Keywords: | Regression, Triaged |
| Target Release: | 8.1 | Flags: | pm-rhel: mirror+ |
| Hardware: | Unspecified | OS: | Unspecified |
| Fixed In Version: | libssh-0.9.0-3.el8 | Doc Type: | If docs needed, set a value |
| Last Closed: | 2019-11-05 22:36:03 UTC | Type: | Bug |
| Bug Blocks: | 1720267 | | |

Thanks Anderson! This affects package builds, where my .spec can't just create an /etc/ssh/ssh_known_hosts. But fixing this in the next days is certainly fast enough, we still have some time in RHEL 8.1 to land stuff. Thanks!

This should be fixed by libssh-0.9.0-1 in current Fedora rawhide.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:3657

Created attachment 1585180 reproducer

Description of problem:

The latest version 0.8.91 in RHEL 8.1 (and now also Fedora Rawhide) breaks known hosts handling. Hosts are now considered unknown even when

Version-Release number of selected component (if applicable):

libssh-0.8.91-0.1.el8

How reproducible:

Always

Steps to Reproduce:

1. Generate a local ./knownhosts file with

```
ssh -o UserKnownHostsFile=./knownhosts 127.0.0.1
```

No need to log in, just confirm the host key.

2. Build and run the attached reproducer, which exercises ssh_session_has_known_hosts_entry:

```
gcc -Wall -o client-knownhost client-knownhost.c -lssh && ./client-knownhost
```

Actual results:

Validate that with libssh up to 0.8.7, the host is known, i. e. that you did the ./knownhosts

```
[2019/06/27 15:27:32.815499, 2] ssh_connect: libssh 0.8.7 (c) 2003-2018 Aris Adamantiadis, Andreas Schneider and libssh contributors. Distributed under the LGPL, please refer to COPYING file for information about your rights, using threading threads_pthread
[2019/06/27 15:27:32.815815, 2] ssh_socket_connect: Nonblocking connection socket: 3
[2019/06/27 15:27:32.815883, 2] ssh_connect: Socket connecting, now waiting for the callbacks to work
[2019/06/27 15:27:32.815931, 1] socket_callback_connected: Socket connection callback: 1 (0)
[2019/06/27 15:27:32.829473, 1] ssh_client_connection_callback: SSH server banner: SSH-2.0-OpenSSH_8.0
[2019/06/27 15:27:32.829528, 1] ssh_analyze_banner: Analyzing banner: SSH-2.0-OpenSSH_8.0
[2019/06/27 15:27:32.829554, 1] ssh_analyze_banner: We are talking to an OpenSSH client version: 8.0 (80000)
[2019/06/27 15:27:32.829747, 1] ssh_known_hosts_read_entries: Failed to open the known_hosts file '/builddir/.ssh/known_hosts': No such file or directory
[2019/06/27 15:27:32.832632, 2] ssh_kex_select_methods: Negotiated curve25519-sha256,ecdsa-sha2-nistp256,aes256-ctr,aes256-ctr,hmac-sha2-256,hmac-sha2-256,none,none,,
[2019/06/27 15:27:32.844292, 2] ssh_packet_dh_reply: Received SSH_KEXDH_REPLY
[2019/06/27 15:27:32.848752, 2] ssh_client_curve25519_reply: SSH_MSG_NEWKEYS sent
[2019/06/27 15:27:32.848811, 2] ssh_packet_newkeys: Received SSH_MSG_NEWKEYS
[2019/06/27 15:27:32.849191, 2] ssh_packet_newkeys: Signature verified and valid
[2019/06/27 15:27:32.849289, 1] ssh_known_hosts_read_entries: Failed to open the known_hosts file '/builddir/.ssh/known_hosts': No such file or directory
host known: 1
```

with libssh 0.8.91, it is not known:

```
[2019/06/27 15:29:50.895746, 1] ssh_config_parse_line: line 3: Unsupported Match keyword 'final', skipping
[2019/06/27 15:29:50.895880, 2] ssh_config_parse_line: Unapplicable option: ForwardX11Trusted, line: 12
[2019/06/27 15:29:50.895957, 2] ssh_config_parse_line: Unapplicable option: SendEnv, line: 15
[2019/06/27 15:29:50.895997, 2] ssh_config_parse_line: Unapplicable option: SendEnv, line: 16
[2019/06/27 15:29:50.896033, 2] ssh_config_parse_line: Unapplicable option: SendEnv, line: 17
[2019/06/27 15:29:50.896056, 2] ssh_config_parse_line: Unapplicable option: SendEnv, line: 18
[2019/06/27 15:29:50.896097, 2] ssh_connect: libssh 0.8.91 (c) 2003-2019 Aris Adamantiadis, Andreas Schneider and libssh contributors. Distributed under the LGPL, please refer to COPYING file for information about your rights, using threading threads_pthread
[2019/06/27 15:29:50.896312, 2] ssh_socket_connect: Nonblocking connection socket: 3
[2019/06/27 15:29:50.896379, 2] ssh_connect: Socket connecting, now waiting for the callbacks to work
[2019/06/27 15:29:50.896430, 1] socket_callback_connected: Socket connection callback: 1 (0)
[2019/06/27 15:29:50.908453, 2] ssh_client_connection_callback: SSH server banner: SSH-2.0-OpenSSH_8.0
[2019/06/27 15:29:50.908497, 2] ssh_analyze_banner: Analyzing banner: SSH-2.0-OpenSSH_8.0
[2019/06/27 15:29:50.908517, 2] ssh_analyze_banner: We are talking to an OpenSSH client version: 8.0 (80000)
[2019/06/27 15:29:50.908684, 1] ssh_known_hosts_read_entries: Failed to open the known_hosts file '/builddir/.ssh/known_hosts': No such file or directory
[2019/06/27 15:29:50.910906, 2] ssh_kex_select_methods: Negotiated curve25519-sha256,ecdsa-sha2-nistp256,aes256-gcm,aes256-gcm,hmac-sha2-256-etm,hmac-sha2-256-etm,none,none,,
[2019/06/27 15:29:50.924347, 2] ssh_init_rekey_state: Set rekey after 4294967296 blocks
[2019/06/27 15:29:50.924399, 2] ssh_init_rekey_state: Set rekey after 4294967296 blocks
[2019/06/27 15:29:50.924417, 2] ssh_packet_client_curve25519_reply: SSH_MSG_NEWKEYS sent
[2019/06/27 15:29:50.924433, 2] ssh_packet_newkeys: Received SSH_MSG_NEWKEYS
[2019/06/27 15:29:50.924743, 2] ssh_packet_newkeys: Signature verified and valid
host known: -1
```

(The /builddir is because I'm running this in mock). -1 means SSH_KNOWN_HOSTS_NOT_FOUND.

This happens also with specifying an absolute instead of relative path, and also with SSH_OPTIONS_KNOWNHOSTS instead of _GLOBAL_KNOWNHOSTS.

Expected results:

Host is known with 0.8.91

Additional info:
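
An independent check of the fixture from step 1, added here as an example (it is not the attached reproducer and not libssh code): it looks a host up across a list of known_hosts files and keeps searching when one of them is missing, which is the outcome the report expects when '/builddir/.ssh/known_hosts' is absent but ./knownhosts holds the entry. The function names, the constructed sample entries and the host-only matching (plain and hashed host fields, no wildcards, no key comparison) are assumptions of this sketch; the three return values mirror libssh's `ssh_known_hosts_e` enum.

```python
import base64, hashlib, hmac, os, tempfile
NOT_FOUND, UNKNOWN, OK = -1, 0, 1   # libssh enum ssh_known_hosts_e values

def host_matches(field, host, port=22):
    """True if a known_hosts host field (plain list or hashed) names host:port."""
    name = host if port == 22 else f"[{host}]:{port}"
    if field.startswith("|1|"):                  # hashed form: |1|salt|mac
        try:
            _, _, salt_b64, mac_b64 = field.split("|")
            salt, mac = base64.b64decode(salt_b64), base64.b64decode(mac_b64)
        except ValueError:                       # malformed entry: no match
            return False
        calc = hmac.new(salt, name.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(calc, mac)
    return name in field.split(",")              # wildcards not handled here

def has_entry(host, files, port=22):
    """Search every file that can be read; a missing file does not end the search."""
    found_file = False
    for path in files:
        try:
            with open(path, encoding="utf-8", errors="replace") as fh:
                lines = fh.read().splitlines()
        except OSError:                          # e.g. per-user file absent
            continue
        found_file = True
        for line in lines:
            fields = line.split()
            if len(fields) < 3 or fields[0][0] in "#@":   # comment, marker, junk
                continue
            if host_matches(fields[0], host, port):
                return OK
    return UNKNOWN if found_file else NOT_FOUND

def demo():
    """Constructed fixture: per-user file missing, ./knownhosts-style file present."""
    key = "ssh-ed25519 " + base64.b64encode(b"constructed sample key").decode()
    salt = b"constructed-salt"
    mac = hmac.new(salt, b"[127.0.0.1]:2222", hashlib.sha1).digest()
    hashed = "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())
    with tempfile.TemporaryDirectory() as d:
        files = [os.path.join(d, ".ssh", "known_hosts"), os.path.join(d, "knownhosts")]
        with open(files[1], "w") as fh:           # files[0] is never created
            fh.write(f"# constructed entries\n127.0.0.1 {key}\n{hashed} {key}\n")
        return (has_entry("127.0.0.1", files), has_entry("127.0.0.1", files, 2222),
                has_entry("192.0.2.1", files), has_entry("127.0.0.1", files[:1]))

if __name__ == "__main__":
    print(demo())   # (1, 1, 0, -1)
```

If `has_entry("127.0.0.1", ["./knownhosts"])` returns 1 on the real fixture while the reproducer prints -1, the fixture is sound and the lookup failure lies in the library build under test.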