Bug#614818: openssh-client: ssh(1) man page should note id_rsa encryption now uses AES, not 3DES

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#614818: openssh-client: ssh(1) man page should note id_rsa encryption now uses AES, not 3DES
From: Calum Mackay <calum.mackay@cdmnet.org>
Date: Tue, 22 Feb 2011 23:10:40 +0000
Message-id: <[🔎] 20110222231040.16826.88052.reportbug@cdmnet.org>
Reply-to: Calum Mackay <calum.mackay@cdmnet.org>, 614818@bugs.debian.org

Package: openssh-client
Version: 1:5.8p1-2
Severity: normal

In the FILES section of ssh(1), it says:

     ~/.ssh/id_rsa
             Contains the private key for authentication.  These files contain
             sensitive data and should be readable by the user but not acces‐
             sible by others (read/write/execute).  ssh will simply ignore a
             private key file if it is accessible by others.  It is possible
             to specify a passphrase when generating the key which will be
             used to encrypt the sensitive part of this file using 3DES.

However, in a recent release, ssh-keygen has switched to using AES, not
3DES, to encrpyt the private key. This is noted in the ssh-keygen(1) page,
in this same pkg:

     ~/.ssh/id_rsa
             Contains the protocol version 2 DSA, ECDSA or RSA authentication
             identity of the user.  This file should not be readable by anyone
             but the user.  It is possible to specify a passphrase when gener‐
             ating the key; that passphrase will be used to encrypt the pri‐
             vate part of this file using 128-bit AES.  [...]


This section should probably be the same across both man pages.

thanks much
calum.



-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.35.7 (PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages openssh-client depends on:
ii  adduser              3.112+nmu2          add and remove users and groups
ii  debconf [debconf-2.0 1.5.38              Debian configuration management sy
ii  dpkg                 1.15.8.10           Debian package management system
ii  libc6                2.11.2-11           Embedded GNU C Library: Shared lib
ii  libedit2             2.11-20080614-2     BSD editline and history libraries
ii  libgssapi-krb5-2     1.8.1+dfsg-5        MIT Kerberos runtime libraries - k
ii  libselinux1          2.0.96-1            SELinux runtime shared libraries
ii  libssl0.9.8          0.9.8o-4            SSL shared libraries
ii  passwd               1:4.1.4.2+svn3283-2 change and administer password and
ii  zlib1g               1:1.2.3.4.dfsg-3    compression library - runtime

Versions of packages openssh-client recommends:
ii  openssh-blacklist             0.4.1      list of default blacklisted OpenSS
ii  openssh-blacklist-extra       0.4.1      list of non-default blacklisted Op
ii  xauth                         1:1.0.5-1  X authentication utility

Versions of packages openssh-client suggests:
ii  gtk-led-askpass [ssh-askpass 0.11-1      GTK+ password dialog suitable for 
ii  keychain                     2.6.8-2     key manager for OpenSSH
pn  libpam-ssh                   <none>      (no description available)
ii  ssh-askpass                  1:1.2.4.1-9 under X, asks user for a passphras

-- debconf-show failed

Reply to:

Prev by Date: Bug#594295: Please either support or ignore ControlPersist in stable, for compatibility
Next by Date: Bug#614897: openssh-client: ssh-add fails to read from FIFOs
Previous by thread: Bug#594295: Please either support or ignore ControlPersist in stable, for compatibility
Next by thread: Bug#614897: openssh-client: ssh-add fails to read from FIFOs
Index(es):
- Date
- Thread