iTerm2 clobbers ~/.ssh/known_hosts!
I tried out the iTerm2 beta for the first time yesterday. This clobbered my known_hosts file.
I tried the download functionality; at this point iTerm2 asked me to verify the host key for the host ("First time connecting to..."), which I thought was curious since that host was already in my ~/.ssh/known_hosts file. I accepted the host key.
After this, many keys are gone from known_hosts. It seems completely random.
I can reproduce this consistently.
2.9.20160206 on OS X 10.11.3.
Activity
Well, that's pretty serious.
I just tried reproducing on my machine and the file didn't get clobbered, so there's some difference between our systems.
One thing that comes to mind is permissions issues, although that's kind of a stretch. Do you have these permissions on your known_hosts file when you do
ls -l:-rw-r--r--Milestone changed to Ship 3.0
Permissions are 0600 (
-rw-------).However, I don’t think the permissions are the issue — after all, it’s able to both read and write the file.
I have some hosts in my file that are hashed (HashKnownHosts=yes in SSH config), but I disabled that after realizing it makes the file unreadable. I also have a lot of “ssh-rsa” hosts. Newer hosts are ecdsa-sha2-nistp256.
I can reproduce this again and send you a sample of deleted/preserved entries privately if you give me your email address.
What does iTerm use to read and write the host file? It sounds to me like you’re reading it and discarding lines you don’t recognize before saving. That’s dangerous if your parsing code isn’t 100%, and can lead to data loss if OpenSSH ever extends the format with syntax that your tool doesn’t recognize. It’s better to read the file as lines, append what you need, and then resave it.
-
Both the reading and writing are done with libssh2 (our usage of it goes through the NMSSH library, and the code, which I wrote, is here: https://github.com/NMSSH/NMSSH/blob/master/NMSSH/NMSSHSession.m#L710).
Either there's a bug in libssh2 or in our usage of it.
If you don't mind sending me a copy of your known_hosts file before we clobber it, that would be very helpful. Feel free to remove entries, as long as it's in a state where using it would cause a clobber. You can mail it to gnachman at gmail dot com. Please put "issue 4250" in the subject line.
Thanks. Sent by email. Looking at libssh2, its feature list says:
Hostkey Types: ssh-rsa, ssh-dss
So it's not surprising that it doesn't do ecdsa-sha2-nistp256 host keys. However, it is a grave error to strip unrecognized host keys from a file!
FWIW, I'm using:
# ssh -V OpenSSH_6.9p1, LibreSSL 2.1.8Edited by username-removed-400166Yes, I just checked, it only deletes lines that are not
ssh-rsa(I don't have anyssh-dss).Actually: It also splits some ssh-rsa "name,ip" entries. Emailing you the details.
Edited by username-removed-400166I'm flabbergasted that libssh2 is so far behind, actually. Looks like libssh implements the host keys correctly, but you're still always going to be a position where you can be out of sync with OpenSSH (which, if you look at the output of
ssh -Q key, supports even more host key types than either libssh or libssh2 support).I'm also flabbergasted that libssh2 will destroy lines it doesn't recognize. That's bad design.
Honestly, if I were you, I'd write the host file modification from scratch. Write some code that parses the file and can append new entries, but never rewrite any lines you don't know how to deal with. I don't know if there's an OpenSSH tool you can spawn to do the work;
ssh-keygendoes a lot of things, but it doesn't look like it can add new entries.ssh-keyscancan, but I don't know if it's appropriate.ssh-keygencan, however, search for the presence of entries, with the-Fflag. (But if you spawn OpenSSH commands, you'll have to deal with different versions of it, so it's not super trivial.)Milestone changed to Next Beta
-
Should be fixed by commit c32125ff. Please verify with tomorrow's nightly build.
-
Fixed in commit 93803b34
