Doesn't recognise SSH v1 host keys in known_hosts

Bug #1006528 reported by Andy Smith
This bug affects 2 people

Affects: unity-sshsearch-lens
Status: Won't Fix
Importance: Wishlist
Assigned to: Bernd Schlapsi
Milestone: none listed

Bug Description

I sometimes have to SSH to devices which don't support SSH v2. For example, some old Cisco routers still in use as terminal servers (think OOB serial consoles) don't support SSHv2. These devices therefore have v1 host keys, and the sshsearch lens does not appear to consider them valid.

Here's an example of what one looks like in known_hosts (contents are fake, sorry I cannot give you a real host name to try to connect to).

ts-tfm4.example.com,192.168.204.2 2048 65537 000000031541576494338004801238071243519742246000002034290064371071081130325500443308659386600000401097068371428341413112812461745163171700000603729848738248400418111032186714915460430000100198288251184240242426340140063180948113000012014391338192501698598218101101014540942800001404036748151383853134151087367551567087100001604242232210246937721319694814331882081424000020023451176863459511640916401883169042608000022015583310543459057124324071227123024903110000240381165277842056430833351429188521845285000026032847053442035830742694759606210618859000030082801514259382692015139850382788350250000032030704772264037785

As a work-around you can of course list such hosts in your ~/.ssh/config.

Bernd Schlapsi (bernd-sch) wrote :

I'm using paramiko (http://www.lag.net/paramiko/) to parse the known_hosts and .ssh/config files. This library is SSH2 protocol only.
I don't want to implement the parsing part on my own. I already did this for my GNOME extension (https://extensions.gnome.org/extension/73/ssh-search-provider/) because there isn't a library for JavaScript to parse the SSH files.

Also, I don't think that a lot of people are using SSH v1, and there is still the workaround you described with the ~/.ssh/config file.

Furthermore I prefer to rely on a library for this job. But if you would like to provide a patch for this feature request I will have a look at it and integrate this feature into my version.

Changed in unity-sshsearch-lens:
status: New → Won't Fix
assignee: nobody → Bernd Schlapsi (bernd-sch)
importance: Undecided → Wishlist

Lars Hansson (romabysen) wrote :

This is also a problem with valid ssh2 ecdsa keys; paramiko does not support them. Since I have a lot of new installations where ecdsa is the default, this makes the lens not so useful. Since there's no estimate on when paramiko will support these key types, I put together a function that parses a known_hosts file:

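def parse_known_hosts(infile):
    """Return every host name listed in a known_hosts file, whatever the key type."""
    hosts = []
    try:
        f = open(infile)
    except IOError:
        # A missing or unreadable file just means there are no known hosts
        return hosts
    with f:
        for line in f:
            # Skip blank lines and comments
            if not line.strip() or line.lstrip().startswith('#'):
                continue
            fields = line.split()
            # Need the host list plus at least two key fields
            if len(fields) < 3:
                continue
            # The first field is a comma-separated list of names and addresses
            hosts.extend(fields[0].split(','))
    return hosts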

It works pretty much the same as the parsing in paramiko but it supports any key type. Feel free to include it in the lens.
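
An added example, not part of either comment and not code from the lens or paramiko: a parser that recognises both the SSH v1 line layout from the bug description and SSH v2 lines of any key type, and leaves out entries a search lens could not usefully list (hashed names, patterns, `@revoked` keys). The function names and the sample data are constructed for illustration; the line layouts assumed are the ones documented in sshd(8).

```python
# Line layouts per sshd(8): v2 is "hosts keytype base64 [comment]",
# v1 is "hosts bits exponent modulus [comment]".

SAMPLE = """\
# constructed sample data; keys are truncated placeholders
ts-tfm4.example.com,192.168.204.2 2048 65537 1234567890
new.example.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTY= admin
[gw.example.com]:2222 ssh-rsa AAAAB3NzaC1yc2E=
|1|c2FsdHNhbHQ=|aGFzaGhhc2g= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5
@revoked old.example.com ssh-rsa AAAAB3NzaC1yc2E=
*.lab.example.com,!bad.lab.example.com ssh-rsa AAAAB3NzaC1yc2E=
"""


def key_format(key_fields):
    """Return 'rsa1' for an SSH v1 key (three decimal fields), else the v2 key type."""
    if len(key_fields) >= 3 and all(f.isdigit() for f in key_fields[:3]):
        return "rsa1"
    return key_fields[0]


def searchable_hosts(text):
    """Return sorted (host, key format) pairs that a search UI could list."""
    found = set()
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):          # @cert-authority / @revoked marker
            if fields[0] == "@revoked":
                continue                       # never offer a host via a revoked key
            fields = fields[1:]
        if len(fields) < 3:                    # host list plus at least two key fields
            continue
        fmt = key_format(fields[1:])
        for name in fields[0].split(","):
            if name.startswith(("|", "!")) or "*" in name or "?" in name:
                continue                       # hashed, negated or wildcard pattern
            if name.startswith("[") and "]:" in name:
                name = name[1:name.index("]:")]  # "[host]:port" -> host
            found.add((name, fmt))
    return sorted(found)


if __name__ == "__main__":
    for host, fmt in searchable_hosts(SAMPLE):
        print(host, fmt)
```

Hashed entries cannot be turned back into names, so a lens can only list them if the user also names the host in ~/.ssh/config.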
