Your message dated Wed, 21 Aug 2019 08:52:45 +0200
with message-id <2282997.Z4pETMbIQF@timo01.tiwe.de>
and subject line Re: Bug#935135: ssh-add: loads key with wrong key comment, impairing key management
has caused the Debian Bug report #935135,
regarding ssh-add: loads key with wrong key comment, impairing key management
to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.)

--
935135: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935135
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: ssh-add: loads key with wrong key comment, impairing key management
- From: Thorsten Glaser <tg@mirbsd.de>
- Date: Tue, 20 Aug 2019 00:30:03 +0200
- Message-id: <156625380310.29650.13509460773241671052.reportbug@tglase-nb.lan.tarent.de>
Package: openssh-client
Version: 1:8.0p1-4
Severity: normal

│ 1|tglase@tglase-nb:~ $ cat .ssh/id_pvt.pub
│ ssh-rsa AAA…riqh id_pvt@tglase-nb.lan.tarent.de
│ tglase@tglase-nb:~ $ ssh-add .ssh/id_pvt
│ Enter passphrase for .ssh/id_pvt:
│ Identity added: .ssh/id_pvt (tglase@tglase-nb.lan.tarent.de)
                               ^^^^^^
│ tglase@tglase-nb:~ $ ssh-add -l
│ 3072 SHA256:5P4HaUvrwJVP/5u1NpDEckku9RNwy9weOs+NPhgSdXI /home/tglase/.ssh/id_rsa (RSA)
│ 2048 SHA256:f9MzCY/Cq7WxR83Uzj8uk3uSCBOXef18hn9XIHwLHhE tglase@tglase-nb.lan.tarent.de (RSA)
                                                          ^^^^^^

In both cases, there must be “id_pvt” instead, so I know which key is which.

-- System Information:
Debian Release: bullseye/sid
  APT prefers buildd-unstable
  APT policy: (500, 'buildd-unstable'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.2.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages openssh-client depends on:
ii  adduser           3.118
ii  dpkg              1.19.7
ii  libc6             2.28-10
ii  libedit2          3.1-20190324-1
ii  libgssapi-krb5-2  1.17-6
ii  libselinux1       2.9-2+b2
ii  libssl1.1         1.1.1c-1
ii  passwd            1:4.7-2
ii  zlib1g            1:1.2.11.dfsg-1+b1

Versions of packages openssh-client recommends:
ii  xauth  1:1.0.10-1

Versions of packages openssh-client suggests:
pn  keychain                  <none>
ii  kwalletcli [ssh-askpass]  3.02-1
pn  libpam-ssh                <none>
pn  monkeysphere              <none>

-- no debconf information
--- End Message ---
--- Begin Message ---
- To: Thorsten Glaser <tg@mirbsd.de>
- Cc: 935135-done@bugs.debian.org
- Subject: Re: Bug#935135: ssh-add: loads key with wrong key comment, impairing key management
- From: Timo Weingärtner <timo@tiwe.de>
- Date: Wed, 21 Aug 2019 08:52:45 +0200
- Message-id: <2282997.Z4pETMbIQF@timo01.tiwe.de>
- In-reply-to: <Pine.BSM.4.64L.1908202119580.29540@herc.mirbsd.org>
- References: <156625380310.29650.13509460773241671052.reportbug@tglase-nb.lan.tarent.de> <4397872.abhbrLIod0@timo01.tiwe.de> <Pine.BSM.4.64L.1908202119580.29540@herc.mirbsd.org>
Hello Thorsten Glaser,

I think this bug can be closed.

20.08.19 23:23 Thorsten Glaser:
> Timo Weingärtner dixit:
> >If
> >
> >$ file .ssh/id_pvt
> >
> >shows "OpenSSH private key" (instead of "PEM RSA private key") try:
>
> Oh, indeed, it does.
>
> tglase@tglase-nb:~ $ file .ssh/id_!(*.*)
> .ssh/id_maven: PEM RSA private key
> .ssh/id_pvt: OpenSSH private key
> .ssh/id_rsa: PEM RSA private key
>
> >$ ssh-keygen -c -C id_pvt -f .ssh/id_pvt
> >
> >to change the embedded comment. The new private key storage format
> >contains an own comment.
>
> Didn’t even know they had a new private key format… which is very
> opaque…

It looks like RFC 4251 data structures, at least after "openssh-key-v1".

> … this worked, but the key comment for the PEM keys is also
> completely ignored, and they’re listed with pathname instead.

The old PEM format does not include a key comment, so ssh-add sends the file name as comment to the agent; it doesn't even look at the public key file.

Regards,
Timo
--- End Message ---
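
The container discussed in the reply above can be walked with a few RFC 4251 string reads. The following is an added example, not part of the original thread and not OpenSSH code: it reports whether a private key file carries its own comment, with the field order taken from OpenSSH's PROTOCOL.key document. The names `embedded_comment` and `sample_key` are hypothetical, and the sample keys are constructed with dummy bytes.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\0"
# Fields between key type and comment in the private section (per PROTOCOL.key).
PRIVATE_FIELDS = {b"ssh-ed25519": 2, b"ssh-rsa": 6}

def put(b):  # encode an RFC 4251 string: uint32 length, then the bytes
    return struct.pack(">I", len(b)) + b

def get(buf, off):  # decode an RFC 4251 string; return (bytes, next offset)
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:off + 4 + n], off + 4 + n

def embedded_comment(key_text):
    """Return (storage format, comment or None) for a private key file."""
    lines = key_text.strip().splitlines()
    if lines[0] != "-----BEGIN OPENSSH PRIVATE KEY-----":
        return "PEM", None                  # other headers treated as PEM: no comment field
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("bad magic")
    off = len(MAGIC)
    cipher, off = get(blob, off)
    _kdfname, off = get(blob, off)
    _kdfopts, off = get(blob, off)
    off += 4                                # uint32 key count, assumed to be 1
    _pub, off = get(blob, off)
    priv, off = get(blob, off)
    if cipher != b"none":
        return "OpenSSH (encrypted)", None  # comment is inside the encrypted section
    if priv[0:4] != priv[4:8]:
        raise ValueError("check integers differ")
    ktype, p = get(priv, 8)
    for _ in range(PRIVATE_FIELDS[ktype]):  # skip the key material
        _, p = get(priv, p)
    comment, p = get(priv, p)
    return "OpenSSH", comment.decode()

def sample_key(comment, cipher=b"none"):
    """Constructed container with dummy key bytes (not a usable key)."""
    kdf = b"none" if cipher == b"none" else b"bcrypt"
    priv = bytes(8) + put(b"ssh-ed25519") + put(bytes(32)) + put(bytes(64)) + put(comment)
    priv += bytes(range(1, 9))[:-len(priv) % 8]   # 1,2,3.. padding to 8 bytes
    blob = (MAGIC + put(cipher) + put(kdf) + put(b"") + struct.pack(">I", 1)
            + put(put(b"ssh-ed25519") + put(bytes(32))) + put(priv))
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{base64.b64encode(blob).decode()}\n-----END OPENSSH PRIVATE KEY-----\n"
```

For a passphrase-protected key the comment sits inside the encrypted private section, which matches the session in the report where ssh-add prints it only after the passphrase prompt.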