
Bug#935135: marked as done (ssh-add: loads key with wrong key comment, impairing key management)



Your message dated Wed, 21 Aug 2019 08:52:45 +0200
with message-id <2282997.Z4pETMbIQF@timo01.tiwe.de>
and subject line Re: Bug#935135: ssh-add: loads key with wrong key comment, impairing key management
has caused the Debian Bug report #935135,
regarding ssh-add: loads key with wrong key comment, impairing key management
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
935135: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935135
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: openssh-client
Version: 1:8.0p1-4
Severity: normal

│ 1|tglase@tglase-nb:~ $ cat .ssh/id_pvt.pub
│ ssh-rsa AAA…riqh id_pvt@tglase-nb.lan.tarent.de
│ tglase@tglase-nb:~ $ ssh-add .ssh/id_pvt
│ Enter passphrase for .ssh/id_pvt:
│ Identity added: .ssh/id_pvt (tglase@tglase-nb.lan.tarent.de)
			       ^^^^^^
│ tglase@tglase-nb:~ $ ssh-add -l
│ 3072 SHA256:5P4HaUvrwJVP/5u1NpDEckku9RNwy9weOs+NPhgSdXI /home/tglase/.ssh/id_rsa (RSA)
│ 2048 SHA256:f9MzCY/Cq7WxR83Uzj8uk3uSCBOXef18hn9XIHwLHhE tglase@tglase-nb.lan.tarent.de (RSA)
							  ^^^^^^

In both cases, there must be “id_pvt” instead, so I know
which key is which.


-- System Information:
Debian Release: bullseye/sid
  APT prefers buildd-unstable
  APT policy: (500, 'buildd-unstable'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.2.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages openssh-client depends on:
ii  adduser           3.118
ii  dpkg              1.19.7
ii  libc6             2.28-10
ii  libedit2          3.1-20190324-1
ii  libgssapi-krb5-2  1.17-6
ii  libselinux1       2.9-2+b2
ii  libssl1.1         1.1.1c-1
ii  passwd            1:4.7-2
ii  zlib1g            1:1.2.11.dfsg-1+b1

Versions of packages openssh-client recommends:
ii  xauth  1:1.0.10-1

Versions of packages openssh-client suggests:
pn  keychain                  <none>
ii  kwalletcli [ssh-askpass]  3.02-1
pn  libpam-ssh                <none>
pn  monkeysphere              <none>

-- no debconf information

--- End Message ---
--- Begin Message ---
Hello Thorsten Glaser,

I think this bug can be closed.

20.08.19 23:23 Thorsten Glaser:
> Timo Weingärtner dixit:
> >If
> >
> >$ file .ssh/id_pvt
> >
> >shows "OpenSSH private key" (instead of "PEM RSA private key") try:
>
> Oh, indeed, it does.
> 
> tglase@tglase-nb:~ $ file .ssh/id_!(*.*)
> .ssh/id_maven: PEM RSA private key
> .ssh/id_pvt:   OpenSSH private key
> .ssh/id_rsa:   PEM RSA private key
> 
> >$ ssh-keygen -c -C id_pvt -f .ssh/id_pvt
> >
> >to change the embedded comment. The new private key storage format
> >contains its own comment.
> 
> Didn’t even know they had a new private key format… which is very
> opaque…

It looks like RFC 4251 data structures, at least after "openssh-key-v1".

> … this worked, but the key comment for the PEM keys is also
> completely ignored, and they’re listed with pathname instead.

The old PEM format does not include a key comment, so ssh-add sends the file 
name as comment to the agent; it doesn't even look at the public key file.


Regards
Timo

--- End Message ---
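
What the two key formats discussed in this thread mean for tooling, as an added example that is not part of the original messages: a Python parser that reports whether a private key file is old PEM (no comment field) or `openssh-key-v1`, and reads the embedded comment when the key is not passphrase-protected. The field layout follows OpenSSH's PROTOCOL.key document rather than anything on this page; `embedded_comment`, `sample_key` and the zeroed sample key are constructed for illustration, and only ed25519 and RSA keys are handled.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\0"
BEGIN = "-----BEGIN OPENSSH PRIVATE KEY-----"
PRIV_FIELDS = {b"ssh-ed25519": 2, b"ssh-rsa": 6}  # per PROTOCOL.key, not the page

def put(b):  # encode an RFC 4251 "string": uint32 length, then the bytes
    return struct.pack(">I", len(b)) + b

def get(buf, off):  # decode one "string" at off -> (bytes, next offset)
    end = off + 4 + struct.unpack_from(">I", buf, off)[0]
    if end > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:end], end

def embedded_comment(key_text):
    """Return (format, comment); comment is None if absent or encrypted."""
    lines = key_text.strip().splitlines()
    if lines[0] != BEGIN:
        return "PEM", None  # old format: the file has no comment field
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("missing openssh-key-v1 magic")
    cipher, off = get(blob, len(MAGIC))
    for _ in range(2):  # skip kdfname and kdfoptions
        _, off = get(blob, off)
    nkeys, off = struct.unpack_from(">I", blob, off)[0], off + 4
    for _ in range(nkeys):  # skip the public key blob(s)
        _, off = get(blob, off)
    priv, _ = get(blob, off)
    if cipher != b"none":
        return "openssh-key-v1", None  # comment is inside the encrypted part
    if priv[:4] != priv[4:8]:
        raise ValueError("checkint mismatch")
    ktype, off = get(priv, 8)
    for _ in range(PRIV_FIELDS[ktype]):  # skip the private key fields
        _, off = get(priv, off)
    return "openssh-key-v1", get(priv, off)[0].decode()

def sample_key(comment, cipher=b"none"):
    """Constructed sample: real layout, zeroed key bytes, body never encrypted."""
    fields = (b"ssh-ed25519", bytes(32), bytes(64), comment)
    priv = struct.pack(">II", 7, 7) + b"".join(map(put, fields))
    priv += bytes(range(1, 1 + -len(priv) % 8))  # padding bytes 1, 2, 3, ...
    pub = put(b"ssh-ed25519") + put(bytes(32))
    head = MAGIC + put(cipher) + put(b"none") + put(b"") + struct.pack(">I", 1)
    blob = base64.b64encode(head + put(pub) + put(priv)).decode()
    return f"{BEGIN}\n{blob}\n-----END OPENSSH PRIVATE KEY-----\n"
```

For a passphrase-protected key such as the reporter's, the comment sits in the encrypted section, so it only becomes visible once `ssh-add` or `ssh-keygen` has decrypted the key.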