Package: openssh-client Version: 1:8.4p1-5+deb11u2 Severity: normal File: /usr/bin/ssh-keygen
Dear Maintainer, * What led up to the situation? Trying to execute: ssh-keygen -f "/home/mnalis/.ssh/known_hosts" -R "github.com" (exact command as suggested by ssh itself because host key changed, probably due to https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/) * What exactly did you do (or not do) that was effective (or ineffective)? Tried on another machine with openssh-client 1:9.4p1-1, the same problem is present there for this known_hosts file too. Manually editing the file and removing line 200 works around the specific instance of the problem, but "ssh-keygen -R" remains unusable. I assume that manually removing all lines detected as "invalid line" would also allow ssh-keygen to proceed, but I have not tested it. * What was the outcome of this action? ssh-keygen refuses to update known_hosts with following error: % ssh-keygen -f "/home/mnalis/.ssh/known_hosts" -R "github.com" /home/mnalis/.ssh/known_hosts:1: invalid line /home/mnalis/.ssh/known_hosts:2: invalid line /home/mnalis/.ssh/known_hosts:4: invalid line /home/mnalis/.ssh/known_hosts:16: invalid line /home/mnalis/.ssh/known_hosts:17: invalid line # Host github.com found: line 200 /home/mnalis/.ssh/known_hosts is not a valid known_hosts file. Not replacing existing known_hosts file because of errors Here is how first 4 lines of that known_hosts file look like: |1|DCvQVwzVexcX3Mau1D5fZmVKruM=|soAN7Mhjth9ExnFxG47y++6LLHg= 1024 35 167434766793837483340248804980769949824665268604993978563358959479765830951370741558908832827011687207884480786428301345738847818832072690127564924719644302715664485137952117178027506363037390447008852228373472317454193197538959482837286051143224351239595700806436016270258891540041265360900792522259140180921 |1|amNEFjA4gEiPAJp/hZepdJ1a38A=|3r0i0zg3DJ9iiaAcpdPfLNrhUrw= 1024 35 167434766793837483340248804980769949824665268604993978563358959479765830951370741558908832827011687207884480786428301345738847818832072690127564924719644302715664485137952117178027506363037390447008852228373472317454193197538959482837286051143224351239595700806436016270258891540041265360900792522259140180921 |1|+Q0EQTlTQeJ0jfLrk4Bhhyq7tic=|OtfKGw6dQ8Sw3BsH3MsRxj/+am8= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAoSZK2F7aXr0UxG8TqyqRiVKK1redIINJw2XHAFYwg+fRT4QxRGWANoZO4ggK6SB1dV0JsIvfJr/D7VGNiwfLT/i+K/EWt1jQ1Y13cLhzqqSrsUOWvsr2xC+re8QeSILk5pzP5nzQEYTyyBknCq0yCjnuRKm9MhqQOrcgY2GMB3U= |1|zlwmrL64HaBaMTElBLAjB5wfiNE=|aqU2HeyZ00Nb16tHDcnZF/KALYI= 1024 35 127996390308881367982749181615590389946112714634614519843262364092321681710130910232611431762945334377336640067840062246513041629962755479231984134203580650174397517780096139161960264450818602524143591999435168314030504459201667428786398279613415241098669732580262057385208616093432930475934719992598708459451 That machine on which known_hosts exist, has been updated for many Debian versions (at least from Squeeze, probably from Woody). I seem to recall that the known_hosts contained plaintext FQDNs back in the time, and then some version decided to convert them to currently used hashed format. It seem that not all lines that were converted are recognized by recent openssh versions. * What outcome did you expect instead? that the offending line at line 200 is removed. -- System Information: Debian Release: 11.8 APT prefers oldstable-security APT policy: (500, 'oldstable-security'), (500, 'oldstable') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-26-amd64 (SMP w/2 CPU threads) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages openssh-client depends on: ii adduser 3.118+deb11u1 ii dpkg 1.20.13 ii libc6 2.31-13+deb11u7 ii libedit2 3.1-20191231-2+b1 ii libfido2-1 1.6.0-2 ii libgssapi-krb5-2 1.18.3-6+deb11u4 ii libselinux1 3.1-3 ii libssl1.1 1.1.1w-0+deb11u1 ii passwd 1:4.8.1-1 ii zlib1g 1:1.2.11.dfsg-2+deb11u2 Versions of packages openssh-client recommends: ii xauth 1:1.1-1 Versions of packages openssh-client suggests: pn keychain <none> pn libpam-ssh <none> pn monkeysphere <none> ii ssh-askpass-gnome [ssh-askpass] 1:8.4p1-5+deb11u2 -- no debconf information
