[Bug 483928] [NEW] ssh-keyscan(1) exits prematurely on some non-fatal errors

Mon, 16 Nov 2009 17:20:49 -0800 

Public bug reported:

Binary package hint: openssh-client

This concerns openssh-client 1:5.1p1-5ubuntu1 in Karmic.

I am using ssh-keyscan(1) for its intended purpose: building an
ssh_known_hosts file for a large network. Most of the hosts on this
network are well-maintained systems, with properly-functioning SSH
servers, and present no difficulty to the program.

However, a handful of hosts are barely alive, with SSH servers that are
not exactly in good working order. ssh-keyscan(1) currently will scan
these systems, encounter some form of error, and then---right here is
the problem---exit in the middle of the scan. The last bit of stderr
output may look like

        # A.B.C.D SSH-2.0-OpenSSH_4.3
        # A.B.C.E SSH-2.0-OpenSSH_4.3
        # A.B.C.F SSH-1.99-OpenSSH_3.7p1
        Connection closed by A.B.C.F

or

        # A.B.C.D SSH-2.0-OpenSSH_4.1
        # A.B.C.E SSH-2.0-OpenSSH_4.1
        # A.B.C.F SSH-2.0-mpSSH_0.1.0
        Received disconnect from A.B.C.F: 10:  Protocol error

or

        # A.B.C.D SSH-2.0-OpenSSH_4.4p1
        # A.B.C.E SSH-2.0-OpenSSH_5.0p1
        # A.B.C.F SSH-2.0-mpSSH_0.1.0
        Received disconnect from A.B.C.F: 11:  SSH Disabled

(These are the different failure modes I've observed to date)

ssh-keyscan(1) needs to be robust to these kinds of errors---simply make
a note of them, and continue on with the scan. I don't want to have to
find out which systems are misbehaving by running and re-running the
scan (each run yields at most one bad host, obviously), nor manually
edit out the few bad apples from the input list of hosts (especially
considering that this particular subset can change over time). Neither
is feasible when the number of hosts being scanned is very large.

** Affects: openssh (Ubuntu)
     Importance: Undecided
         Status: New

-- 
ssh-keyscan(1) exits prematurely on some non-fatal errors
https://bugs.launchpad.net/bugs/483928
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in ubuntu.

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs

Reply via email to