Activity log for bug #1668093

Date Who What changed Old value New value Message
2017-02-26 19:29:07 Sarah Newman bug added bug
2017-02-27 17:09:25 Christian Ehrhardt  openssh (Ubuntu): status New Confirmed
2017-02-27 17:09:37 Christian Ehrhardt  bug added subscriber Ubuntu Server Team
2017-02-28 07:53:46 Christian Ehrhardt  tags needs-upstream-report
2017-02-28 19:00:16 Brian Murray openssh (Ubuntu): status Confirmed Triaged
2017-02-28 19:00:21 Brian Murray openssh (Ubuntu): importance Undecided Medium
2017-02-28 19:00:43 Brian Murray bug task added openssh (Debian)
2017-03-09 11:23:47 Colin Watson bug watch added http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851734
2017-03-09 11:23:47 Colin Watson openssh (Debian): importance Undecided Unknown
2017-03-09 11:23:47 Colin Watson openssh (Debian): status New Unknown
2017-03-09 11:23:47 Colin Watson openssh (Debian): remote watch Debian Bug tracker #851734
2017-03-09 11:28:37 Colin Watson nominated for series Ubuntu Xenial
2017-03-09 11:28:37 Colin Watson bug task added openssh (Ubuntu Xenial)
2017-03-09 11:28:37 Colin Watson nominated for series Ubuntu Yakkety
2017-03-09 11:28:37 Colin Watson bug task added openssh (Ubuntu Yakkety)
2017-03-09 11:28:46 Colin Watson openssh (Ubuntu): importance Medium High
2017-03-09 11:28:49 Colin Watson openssh (Ubuntu Xenial): status New Triaged
2017-03-09 11:28:52 Colin Watson openssh (Ubuntu Xenial): importance Undecided High
2017-03-09 11:28:55 Colin Watson openssh (Ubuntu Yakkety): status New Triaged
2017-03-09 11:28:56 Colin Watson openssh (Ubuntu Yakkety): importance Undecided High
2017-03-09 11:28:58 Colin Watson openssh (Ubuntu): status Triaged Fix Committed
2017-03-09 12:37:41 Bug Watch Updater openssh (Debian): status Unknown Fix Committed
2017-03-10 08:50:57 Christian Ehrhardt  tags needs-upstream-report needs-upstream-report patch server-next
2017-03-10 08:51:05 Christian Ehrhardt  bug added subscriber ChristianEhrhardt
2017-03-15 14:37:14 Christian Ehrhardt  description

Old value:

xenial @ 1:7.2p2-4ubuntu2.1 on amd64 has this bug.
trusty @ 1:6.6p1-2ubuntu2.8 on amd64 does not have this bug.
I have not tested any other ssh versions.

The following should reproduce the issue:

    #ssh-keyscan XXXX > ~/.ssh/known_hosts
    # ssh root@XXXXX
    Permission denied (publickey).
    # ssh-keygen -H
    /root/.ssh/known_hosts updated.
    Original contents retained as /root/.ssh/known_hosts.old
    WARNING: /root/.ssh/known_hosts.old contains unhashed entries
    Delete this file to ensure privacy of hostnames
    # ssh root@XXXXXX
    Permission denied (publickey).
    # ssh-keygen -H
    /root/.ssh/known_hosts updated.
    Original contents retained as /root/.ssh/known_hosts.old
    WARNING: /root/.ssh/known_hosts.old contains unhashed entries
    Delete this file to ensure privacy of hostnames
    # ssh root@XXXXX
    The authenticity of host 'XXXXXX' can't be established.
    RSA key fingerprint is XXXXXX.
    Are you sure you want to continue connecting (yes/no)?
    # diff known_hosts.old known_hosts
    1c1
    < |1|BoAbRpUE3F5AzyprJcbjdepeDh8=|x/1AcaLxh45FlShmVQnlgx2qjxY= XXXXX
    ---
    > |1|nTPsoLxCugQyZi3pqOa2pc/cX64=|bUH5qwZlZPp8msMGHdLtslf3Huk= XXXXX

New value:

[Impact]

 * re-execution of ssh-keygen -H can clobber known-hosts
 * Due to that users might get spurious re-warnings of known systems. For Automation it might be worse as it might stop to work when re-executed.
 * This is a regression from Trusty (working) to Xenial (fail) upgrade due to an upstream bug in the versions we merged.
 * This is a backport of the upstream fix

[Test Case]

 * Pick a Host IP to scan keys from that you can reach and replies with SSH, then run the following trivial loop:

    $ ssh-keyscan ${IP} > ~/.ssh/known_hosts; for i in $(seq 1 20); do ssh-keygen -H; diff -Naur ~/.ssh/known_hosts.old ~/.ssh/known_hosts; done

 * Expected: no diff reported, since already hashed entries should be left as-is
 * Without fix:
   - diff in the hashes

[Regression Potential]

 * The fix is upstream and soon in Debian as well, so we are not custom diverting here.
 * The risk should be minimal as this only changes ssh-keygen so despite openssh being really critical this doesn't affect ssh itself at all.

[Other Info]

 * n/a

---

xenial @ 1:7.2p2-4ubuntu2.1 on amd64 has this bug.
trusty @ 1:6.6p1-2ubuntu2.8 on amd64 does not have this bug.
I have not tested any other ssh versions.

The following should reproduce the issue:

    #ssh-keyscan XXXX > ~/.ssh/known_hosts
    # ssh root@XXXXX
    Permission denied (publickey).
    # ssh-keygen -H
    /root/.ssh/known_hosts updated.
    Original contents retained as /root/.ssh/known_hosts.old
    WARNING: /root/.ssh/known_hosts.old contains unhashed entries
    Delete this file to ensure privacy of hostnames
    # ssh root@XXXXXX
    Permission denied (publickey).
    # ssh-keygen -H
    /root/.ssh/known_hosts updated.
    Original contents retained as /root/.ssh/known_hosts.old
    WARNING: /root/.ssh/known_hosts.old contains unhashed entries
    Delete this file to ensure privacy of hostnames
    # ssh root@XXXXX
    The authenticity of host 'XXXXXX' can't be established.
    RSA key fingerprint is XXXXXX.
    Are you sure you want to continue connecting (yes/no)?
    # diff known_hosts.old known_hosts
    1c1
    < |1|BoAbRpUE3F5AzyprJcbjdepeDh8=|x/1AcaLxh45FlShmVQnlgx2qjxY= XXXXX
    ---
    > |1|nTPsoLxCugQyZi3pqOa2pc/cX64=|bUH5qwZlZPp8msMGHdLtslf3Huk= XXXXX

2017-03-15 14:39:06 Christian Ehrhardt  bug added subscriber Ubuntu Sponsors Team
2017-03-15 17:51:43 Bug Watch Updater openssh (Debian): status Fix Committed Fix Released
2017-03-15 18:57:02 Christian Ehrhardt  removed subscriber Ubuntu Sponsors Team
2017-03-23 20:15:41 Launchpad Janitor openssh (Ubuntu): status Fix Committed Fix Released
2017-03-24 07:33:54 Christian Ehrhardt  bug added subscriber Ubuntu Sponsors Team
2017-03-28 12:38:20 Christian Ehrhardt  openssh (Ubuntu Xenial): assignee ChristianEhrhardt (paelzer)
2017-03-28 12:38:22 Christian Ehrhardt  openssh (Ubuntu Yakkety): assignee ChristianEhrhardt (paelzer)
2017-04-04 10:58:45 Colin Watson openssh (Ubuntu): assignee Colin Watson (cjwatson)
2017-04-06 11:11:03 Łukasz Zemczak openssh (Ubuntu Yakkety): status Triaged Fix Committed
2017-04-06 11:11:06 Łukasz Zemczak bug added subscriber Ubuntu Stable Release Updates Team
2017-04-06 11:11:13 Łukasz Zemczak bug added subscriber SRU Verification
2017-04-06 11:11:20 Łukasz Zemczak tags needs-upstream-report patch server-next needs-upstream-report patch server-next verification-needed
2017-04-06 11:14:56 Łukasz Zemczak openssh (Ubuntu Xenial): status Triaged Fix Committed
2017-04-06 14:49:45 Christian Ehrhardt  tags needs-upstream-report patch server-next verification-needed needs-upstream-report patch server-next verification-done
2017-04-12 08:54:41 Chris bug added subscriber Chris
2017-05-10 16:24:05 Robie Basak removed subscriber Ubuntu Stable Release Updates Team
2017-05-10 16:24:24 Launchpad Janitor openssh (Ubuntu Yakkety): status Fix Committed Fix Released
2017-05-10 16:34:10 Launchpad Janitor openssh (Ubuntu Xenial): status Fix Committed Fix Released