ssh-keyscan does not exit with non-zero return code on error

Bug #1661745 reported by Luke Browning on 2017-02-03
This bug affects 1 person
Affects Status Importance Assigned to Milestone
portable OpenSSH
openssh (Debian)
Fix Released
openssh (Ubuntu)

Bug Description

On xenial, ssh-keyscan returns zero indicating success, when the command fails.

root@cp1:~# lsb_release -d
Description: Ubuntu 16.04.1 LTS

root@cp1:~# ssh-keyscan -H -t ssh-rsa bad-host
getaddrinfo bad-host: Name or service not known
root@cp1:~# echo $?

On trusty, the exit status is non-zero as expected.

root@integration-deployer:/home/ubuntu# lsb_release -d
Description: Ubuntu 14.04.5 LTS

root@integration-deployer:/home/ubuntu# ssh-keyscan -H -t ssh-rsa bad-host
getaddrinfo bad-host: Name or service not known
root@integration-deployer:/home/ubuntu# echo $?

This is a incompatibility between Ubuntu 14.04 and 16.04

I'm not sure ssh-keyscan was ever defined to have bad RC in that case.
The man page is empty, and the bit that I found online says:

No usage errors. ssh-keyscan might or might not have succeeded or failed to scan one, more or all of the given hosts.

Usage error.

Yes it changed in between Trusty and Xenial but that I think is just an upstream change.

Thank you for taking the time to report this bug and helping to make Ubuntu better. I appreciate the quality of this bug report and I'm sure it'll be helpful to others experiencing the same issue.

This sounds like an upstream bug to me. Please can you verify this by building directly from the latest upstream source? If this can be confirmed as an upstream bug, the best route to getting it fixed in Ubuntu in this case would be to file an upstream bug if you're able to do that. Otherwise, I'm not sure what we can do directly in Ubuntu to fix the problem.

If you do end up filing an upstream bug, please link to it from here. Thanks!

Changed in openssh (Debian):
status: Unknown → New
Changed in openssh (Debian):
status: New → Confirmed
Changed in openssh (Debian):
status: Confirmed → Fix Released
Andreas Hasenack (ahasenack) wrote :

Upstream commit in 8.0:
commit c2c18a39683db382a15b438632afab3f551d50ce
Author: <email address hidden> <email address hidden>
Date: Sat Jan 26 22:35:01 2019 +0000

    upstream: make ssh-keyscan return a non-zero exit status if it

    finds no keys. bz#2903

    OpenBSD-Commit-ID: 89f1081fb81d950ebb48e6e73d21807b2723d488


Changed in openssh (Ubuntu):
status: New → Triaged
importance: Undecided → Low
Andreas Hasenack (ahasenack) wrote :

Note that this has the potential of breaking existing scripts, so it's probably not a good SRU candidate.

tags: added: bitesize
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssh - 1:8.0p1-2

openssh (1:8.0p1-2) experimental; urgency=medium

  * Fix interop tests for recent regress changes.

 -- Colin Watson <email address hidden> Fri, 14 Jun 2019 14:32:12 +0100

Changed in openssh (Ubuntu):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.