Bug#935135: marked as done (ssh-add: loads key with wrong key comment, impairing key management)


Debian Bug Tracking System
Your message dated Wed, 21 Aug 2019 08:52:45 +0200
with message-id <[hidden email]>
and subject line Re: Bug#935135: ssh-add: loads key with wrong key comment, impairing key management
has caused the Debian Bug report #935135,
regarding ssh-add: loads key with wrong key comment, impairing key management
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [hidden email]
immediately.)


--
935135: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935135
Debian Bug Tracking System
Contact [hidden email] with problems

Package: openssh-client
Version: 1:8.0p1-4
Severity: normal

│ 1|tglase@tglase-nb:~ $ cat .ssh/id_pvt.pub
│ ssh-rsa AAA…riqh [hidden email]
│ tglase@tglase-nb:~ $ ssh-add .ssh/id_pvt
│ Enter passphrase for .ssh/id_pvt:
│ Identity added: .ssh/id_pvt ([hidden email])
                               ^^^^^^
│ tglase@tglase-nb:~ $ ssh-add -l
│ 3072 SHA256:5P4HaUvrwJVP/5u1NpDEckku9RNwy9weOs+NPhgSdXI /home/tglase/.ssh/id_rsa (RSA)
│ 2048 SHA256:f9MzCY/Cq7WxR83Uzj8uk3uSCBOXef18hn9XIHwLHhE [hidden email] (RSA)
                                                          ^^^^^^

In both cases, there must be “id_pvt” instead, so I know
which key is which.


-- System Information:
Debian Release: bullseye/sid
  APT prefers buildd-unstable
  APT policy: (500, 'buildd-unstable'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.2.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages openssh-client depends on:
ii  adduser           3.118
ii  dpkg              1.19.7
ii  libc6             2.28-10
ii  libedit2          3.1-20190324-1
ii  libgssapi-krb5-2  1.17-6
ii  libselinux1       2.9-2+b2
ii  libssl1.1         1.1.1c-1
ii  passwd            1:4.7-2
ii  zlib1g            1:1.2.11.dfsg-1+b1

Versions of packages openssh-client recommends:
ii  xauth  1:1.0.10-1

Versions of packages openssh-client suggests:
pn  keychain                  <none>
ii  kwalletcli [ssh-askpass]  3.02-1
pn  libpam-ssh                <none>
pn  monkeysphere              <none>

-- no debconf information

Hello Thorsten Glaser,

I think this bug can be closed.

20.08.19 23:23 Thorsten Glaser:

> Timo Weingärtner dixit:
>
> >If
> >
> >$ file .ssh/id_pvt
> >
> >shows "OpenSSH private key" (instead of "PEM RSA private key") try:
>
> Oh, indeed, it does.
>
> tglase@tglase-nb:~ $ file .ssh/id_!(*.*)
> .ssh/id_maven: PEM RSA private key
> .ssh/id_pvt:   OpenSSH private key
> .ssh/id_rsa:   PEM RSA private key
>
> >$ ssh-keygen -c -C id_pvt -f .ssh/id_pvt
> >
> >to change the embedded comment. The new private key storage format
> >contains its own comment.
>
> Didn’t even know they had a new private key format… which is very
> opaque…

It looks like RFC 4251 data structures, at least after "openssh-key-v1".

> … this worked, but the key comment for the PEM keys is also
> completely ignored, and they’re listed with pathname instead.

The old PEM format does not include a key comment, so ssh-add sends the file
name as comment to the agent; it doesn't even look at the public key file.


Regards
Timo
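
As an added example (not part of the original thread and not OpenSSH's own code): a minimal reader for the container discussed above, showing where the embedded comment lives and why a PEM file has none to offer. It assumes the field order documented in OpenSSH's PROTOCOL.key; `key_comment`, `constructed_key` and the field-count table are names introduced here, and the sample key is constructed from dummy bytes. For a passphrase-protected key the comment sits inside the encrypted section, so the reader reports it as unreadable.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"
# Length-prefixed fields between the key type and the comment in the private
# section (assumption: taken from OpenSSH's key serialisation, not from the page).
FIELDS_BEFORE_COMMENT = {b"ssh-rsa": 6, b"ssh-ed25519": 2, b"ssh-dss": 5}

def read_string(buf, off):
    """Read one RFC 4251 string (uint32 length + bytes); return (value, new offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:off + 4 + n], off + 4 + n

def key_comment(text):
    """Return (format, cipher, comment); comment is None when it cannot be read."""
    lines = text.strip().splitlines()
    if lines[0] != "-----BEGIN OPENSSH PRIVATE KEY-----":
        return ("pem", None, None)  # PEM carries no comment field at all
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("missing openssh-key-v1 magic")
    cipher, off = read_string(blob, len(MAGIC))
    _kdf, off = read_string(blob, off)
    _kdfopts, off = read_string(blob, off)
    (nkeys,) = struct.unpack_from(">I", blob, off)
    off += 4
    for _ in range(nkeys):  # public key blobs, stored in the clear
        _pub, off = read_string(blob, off)
    priv, _ = read_string(blob, off)
    if cipher != b"none":
        return ("openssh-key-v1", cipher.decode(), None)  # comment is encrypted
    check1, check2 = struct.unpack_from(">II", priv, 0)
    if check1 != check2:
        raise ValueError("checkint mismatch")
    ktype, p = read_string(priv, 8)
    for _ in range(FIELDS_BEFORE_COMMENT[ktype]):  # skip the key material
        _, p = read_string(priv, p)
    comment, _ = read_string(priv, p)
    return ("openssh-key-v1", "none", comment.decode("utf-8", "replace"))

def _s(b):
    return struct.pack(">I", len(b)) + b

def constructed_key(comment, cipher=b"none"):
    """Constructed sample: ed25519-shaped blob with dummy bytes, not a usable key."""
    pub = _s(b"ssh-ed25519") + _s(b"\x01" * 32)
    priv = struct.pack(">II", 7, 7) + pub + _s(b"\x02" * 64) + _s(comment)
    priv += bytes(range(1, 1 + (-len(priv)) % 8))  # pad to the 8-byte block size
    blob = MAGIC + _s(cipher) + _s(b"none") + _s(b"") + struct.pack(">I", 1) + _s(pub) + _s(priv)
    body = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"
```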
