You are not logged in.

#1 2015-03-19 03:23:57

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website

[Solved] OpenSSH 6.8p1-1 and keychain: can't determine fingerprint

Is anyone else seeing this warning when starting ssh-agent via keychain?

Warning: can't determine fingerprint from the following line, falling back to filename

The keychain source seems to suggest that this shouldn't really be happening.

Is this a case of keychain, or ssh-agent, just needing to be updated for the current OpenSSH?


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#2 2015-03-19 07:01:28

arojas
Developer
From: Spain
Registered: 2011-10-09
Posts: 2,151

Re: [Solved] OpenSSH 6.8p1-1 and keychain: can't determine fingerprint

I'm seeing the same, yes

Offline

#3 2015-03-19 07:18:35

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website

Re: [Solved] OpenSSH 6.8p1-1 and keychain: can't determine fingerprint

This is weird, because if I isolate that function and run my keys through it, they all pass without any error.

If you set your variable with `keys=$(ssh-add -l)` and then pipe that to this script: `echo "$keys | keytest`, it works:

#!/usr/bin/sh

shopt -s extglob

while read key; do
		case "$key" in
			*\ @(SHA256|MD5):[0-9a-zA-Z\+\/=]*)
				echo "$key" | cut -f2 -d' '
				;;
			*)
				# Fall back to filename.  Note that commercial ssh is handled
				# explicitly in ssh_l and ssh_f, so hopefully this rule will
				# never fire.
				echo "Can\'t determine fingerprint from the following line, falling back to filename"
				echo "$key"
				basename "$key" | sed 's/[ (].*//'
				;;
		esac
	done | xargs

But that is what is generating the error message...


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#4 2015-03-19 07:31:12

jasonwryan
Anarchist
From: .nz
Registered: 2009-05-09
Posts: 30,424
Website

Re: [Solved] OpenSSH 6.8p1-1 and keychain: can't determine fingerprint

Ugh. I'm an idiot. Those lines haven't been added to keychain in Arch yet... tongue

This patch "fixes" it:

+shopt -s extglob

+			*\ @(SHA256|MD5):[0-9a-zA-Z\+\/=]*)
+				# The new OpenSSH 6.8+ format,
+				#   1024 SHA256:mVPwvezndPv/ARoIadVY98vAC0g+P/5633yTC4d/wXE /home/barney/.ssh/id_dsa (DSA)
+				echo "$ef_line" | cut -f2 -d' '
+				;;

Or, more sensibly, install keychain-git

The relevant commit was only 14 hours ago...


Arch + dwm   •   Mercurial repos  •   Surfraw

Registered Linux User #482438

Offline

#5 2015-03-19 07:40:27

arojas
Developer
From: Spain
Registered: 2011-10-09
Posts: 2,151

Re: [Solved] OpenSSH 6.8p1-1 and keychain: can't determine fingerprint

Thanks, reported to bugs.archlinux.org

Offline

Board footer

Powered by FluxBB