Bug#614818: openssh-client: ssh(1) man page should note id_rsa encryption now uses AES, not 3DES
Package: openssh-client
Version: 1:5.8p1-2
Severity: normal
In the FILES section of ssh(1), it says:
~/.ssh/id_rsa
Contains the private key for authentication. These files contain
sensitive data and should be readable by the user but not accessible
by others (read/write/execute). ssh will simply ignore a
private key file if it is accessible by others. It is possible
to specify a passphrase when generating the key which will be
used to encrypt the sensitive part of this file using 3DES.
However, in a recent release, ssh-keygen has switched to using AES, not
3DES, to encrypt the private key. This is noted in the ssh-keygen(1) page,
in this same pkg:
~/.ssh/id_rsa
Contains the protocol version 2 DSA, ECDSA or RSA authentication
identity of the user. This file should not be readable by anyone
but the user. It is possible to specify a passphrase when generating
the key; that passphrase will be used to encrypt the private
part of this file using 128-bit AES. [...]
This section should probably be the same across both man pages.
thanks much
calum.
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.35.7 (PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages openssh-client depends on:
ii adduser 3.112+nmu2 add and remove users and groups
ii debconf [debconf-2.0 1.5.38 Debian configuration management sy
ii dpkg 1.15.8.10 Debian package management system
ii libc6 2.11.2-11 Embedded GNU C Library: Shared lib
ii libedit2 2.11-20080614-2 BSD editline and history libraries
ii libgssapi-krb5-2 1.8.1+dfsg-5 MIT Kerberos runtime libraries - k
ii libselinux1 2.0.96-1 SELinux runtime shared libraries
ii libssl0.9.8 0.9.8o-4 SSL shared libraries
ii passwd 1:4.1.4.2+svn3283-2 change and administer password and
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
Versions of packages openssh-client recommends:
ii openssh-blacklist 0.4.1 list of default blacklisted OpenSS
ii openssh-blacklist-extra 0.4.1 list of non-default blacklisted Op
ii xauth 1:1.0.5-1 X authentication utility
Versions of packages openssh-client suggests:
ii gtk-led-askpass [ssh-askpass 0.11-1 GTK+ password dialog suitable for
ii keychain 2.6.8-2 key manager for OpenSSH
pn libpam-ssh <none> (no description available)
ii ssh-askpass 1:1.2.4.1-9 under X, asks user for a passphras
-- debconf-show failed
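
An added example, not part of the original report or of OpenSSH: a small checker that reads the traditional PEM headers of a private key to see whether the passphrase encryption is 3DES or AES, and applies the "accessible by others" permission test the ssh(1) text describes. It assumes the key is in the traditional PEM layout with `Proc-Type` and `DEK-Info` headers; the function names and sample data are constructed for illustration.

```python
import re
import stat
import sys

# Constructed samples in the traditional PEM layout; the body is a
# placeholder string, not key material.
SAMPLE_AES = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF

Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""
SAMPLE_3DES = SAMPLE_AES.replace(
    "AES-128-CBC,00112233445566778899AABBCCDDEEFF", "DES-EDE3-CBC,0011223344556677")
SAMPLE_PLAIN = ("-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n"
                "-----END RSA PRIVATE KEY-----\n")

BEGIN = re.compile(r"^-----BEGIN (RSA|DSA|EC) PRIVATE KEY-----$")

def key_cipher(pem_text):
    """Return the DEK-Info cipher name, "none" if the key is stored
    unencrypted, or None if this is not a traditional PEM private key."""
    lines = [l.strip() for l in pem_text.strip().splitlines()]
    if not lines or not BEGIN.match(lines[0]):
        return None
    headers = {}
    for line in lines[1:]:
        # A blank line ends the header block; a base64 line (no colon)
        # means there were no headers at all.
        if not line or ":" not in line:
            break
        name, value = line.split(":", 1)
        headers[name.strip()] = value.strip()
    if headers.get("Proc-Type") != "4,ENCRYPTED":
        return "none"
    # DEK-Info is "<cipher>,<hex IV>"; only the cipher name is of interest.
    return headers.get("DEK-Info", "").split(",", 1)[0] or None

def accessible_by_others(mode):
    """True if any group or other permission bit is set (assumed reading
    of "accessible by others (read/write/execute)")."""
    return bool(stat.S_IMODE(mode) & 0o077)

if __name__ == "__main__" and len(sys.argv) > 1:
    import os
    with open(sys.argv[1]) as fh:
        print("cipher:", key_cipher(fh.read()))
    print("accessible by others:", accessible_by_others(os.stat(sys.argv[1]).st_mode))
```

Run with the path to a key file as the only argument; it prints the cipher and permission result and never asks for the passphrase.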