Omar Polo <op@omarpolo.com> wrote:
> Josh Rickmar <openbsd+lists@zettaport.com> wrote:
> > If anyone asks, I don't know why ssh-keygen(1) is printing a CRLF for
> > the missing key message to stderr.
> 
> I still have to understand the bigger picture of how tag signing works,
> but I agree on the diff: it's not a bad idea to look at the exit code
> before considering the output.
> 
> This behavior of ssh-keygen of printing error smells like an error
> to me tho, someone has tried to report it or dig further?

hum, apparently this seems on puropose?

from usr.bin/ssh/log.c

    370         } else if (log_on_stderr) {
    371                 snprintf(msgbuf, sizeof msgbuf, "%s%s%.*s\r\n",
    372                     (log_on_stderr > 1) ? progname : "",
    373                     (log_on_stderr > 1) ? ": " : "",
    374                     (int)sizeof msgbuf - 3, fmtbuf);
    375                 (void)write(log_stderr_fd, msgbuf, strlen(msgbuf));

and that seems to have been there for quite a while.  (i tracked it down
to 9a24126 -- or revision 1.16 of log.c -- in 2001)