Hello OpenSSH developers, first post.

I'm implementing SSH agent functionality in a program of mine, with
the ability to add/remove key files as saved by OpenSSH. So I'm
trying to figure out which formats OpenSSH uses natively for the
different types of keys. The only specification related to SSH key
file formats I've found is RFC4716 (SSH Public Key File Format).

Analysis of ssh-keygen output with varying key types shows the
following four formats for which I haven't found any specification:

* Something similar to RFC4716 and RFC1421, but not quite the same.
  Used by OpenSSH for version 2 DSA and RSA private keys.

* "ssh-dss|rsa-dss [base64?] comment".
  Used by OpenSSH for version 2 DSA and RSA public keys.

* "[keysize?] [decimal number] [more decimal numbers]".
  Used by OpenSSH for version 1 RSA public keys.

* ASCII header line followed by binary data.
  Used by OpenSSH for version 1 RSA private keys.

Are these formats specified somewhere, short of reading OpenSSH source
code? Why not use RFC4716 natively?

Best regards,
Elvis Stansvik
2009/2/2, Elvis Stansvik <elvstone at gmail.com>:
> Hello OpenSSH developers, first post.
>
> I'm implementing SSH agent functionality in a program of mine, with
> the ability to add/remove key files as saved by OpenSSH. So I'm
> trying to figure out which formats OpenSSH uses natively for the
> different types of keys. The only specification related to SSH key
> file formats I've found is RFC4716 (SSH Public Key File Format).
>
> Analysis of ssh-keygen output with varying key types shows the
> following four formats for which I haven't found any specification:
>
> * Something similar to RFC4716 and RFC1421, but not quite the same.
>   Used by OpenSSH for version 2 DSA and RSA private keys.
>
> * "ssh-dss|rsa-dss [base64?] comment".
>   Used by OpenSSH for version 2 DSA and RSA public keys.
>
> * "[keysize?] [decimal number] [more decimal numbers]".
>   Used by OpenSSH for version 1 RSA public keys.

Sorry. Should be "[keysize?] [decimal number] [more decimal numbers] [comment]".

Elvis

> * ASCII header line followed by binary data.
>   Used by OpenSSH for version 1 RSA private keys.
>
> Are these formats specified somewhere, short of reading OpenSSH source
> code? Why not use RFC4716 natively?
>
> Best regards,
> Elvis Stansvik
On Mon, 2 Feb 2009, Elvis Stansvik wrote:
> Hello OpenSSH developers, first post.
>
> I'm implementing SSH agent functionality in a program of mine, with
> the ability to add/remove key files as saved by OpenSSH. So I'm
> trying to figure out which formats OpenSSH uses natively for the
> different types of keys. The only specification related to SSH key
> file formats I've found is RFC4716 (SSH Public Key File Format).
>
> Analysis of ssh-keygen output with varying key types shows the
> following four formats for which I haven't found any specification:
>
> * Something similar to RFC4716 and RFC1421, but not quite the same.
>   Used by OpenSSH for version 2 DSA and RSA private keys.

These are PEM encoded private keys as per rfc1421 - they certainly can
be read and generated by OpenSSL's PEM API/tools ("openssl rsa" and so
forth).

> * "ssh-dss|rsa-dss [base64?] comment".
>   Used by OpenSSH for version 2 DSA and RSA public keys.

The base64 data is a public key blob encoded as per rfc4253 section 6.6.
Technically the string identifier is redundant since it is encoded in
the blob too, but it is there for humans to read.

> * "[keysize?] [decimal number] [more decimal numbers]".
>   Used by OpenSSH for version 1 RSA public keys.

The format here is:

bits rsa_e rsa_n optional_comment

> * ASCII header line followed by binary data.
>   Used by OpenSSH for version 1 RSA private keys.

AFAIK there is no documentation for this other than the code, it is
inherited from the old ssh-1.x code.

> Are these formats specified somewhere, short of reading OpenSSH source
> code? Why not use RFC4716 natively?

The RFC4716 public key format does not work with OpenSSH's
one-key-per-line authorized_keys format and so would have broken
backwards compatibility.

-d
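As an added example (not part of this thread and not OpenSSH's own code), the following parser handles the two public key line formats described in the reply above: the v2 "type base64-blob comment" line, whose blob is RFC 4253 section 6.6 encoding built from `string` and `mpint` fields (RFC 4253 section 5), and the v1 "bits e n comment" line. The sample key material is a constructed toy modulus, not a real key. The parser also applies the checks a practitioner wants when consuming untrusted key files: the human-readable type identifier must agree with the one inside the blob, string lengths must not run past the blob, there must be no trailing bytes, and the v1 `bits` field must match the actual size of the modulus.

```python
import base64
import struct


# --- RFC 4253 section 5 wire primitives -------------------------------------

def ssh_string(data: bytes) -> bytes:
    """uint32 big-endian length followed by the raw bytes."""
    return struct.pack(">I", len(data)) + data


def ssh_mpint(value: int) -> bytes:
    """Non-negative integer as an mpint: minimal two's complement big-endian
    bytes, with a leading 0x00 when the high bit is set so it is not read back
    as negative. Zero is encoded as the empty string."""
    if value < 0:
        raise ValueError("only non-negative integers are handled here")
    if value == 0:
        return ssh_string(b"")
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if raw[0] & 0x80:
        raw = b"\x00" + raw
    return ssh_string(raw)


def read_string(buf: bytes, off: int):
    """Return (data, new_offset), refusing lengths that run past the buffer."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("string length %d exceeds blob" % n)
    return buf[off:off + n], off + n


def read_mpint(buf: bytes, off: int):
    data, off = read_string(buf, off)
    return int.from_bytes(data, "big", signed=True), off


# --- v2 one-line public key: "ssh-rsa <base64 blob> comment" ----------------

def build_rsa_pubkey_line(e: int, n: int, comment: str) -> str:
    """Emit the one-line form; the blob is string("ssh-rsa") mpint(e) mpint(n)."""
    blob = ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode("ascii"), comment)


def parse_openssh_pubkey_line(line: str) -> dict:
    """Parse 'keytype base64 [comment]' (RSA and DSA blobs per RFC 4253 6.6)."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    keytype, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    blob = base64.b64decode(b64, validate=True)
    inner_type, off = read_string(blob, 0)
    # The leading identifier is redundant with the one inside the blob; insist
    # that they agree rather than trusting either copy alone.
    if inner_type != keytype.encode("ascii"):
        raise ValueError("type %r outside blob, %r inside" % (keytype, inner_type))
    fields = {}
    if keytype == "ssh-rsa":
        names = ("e", "n")
    elif keytype == "ssh-dss":
        names = ("p", "q", "g", "y")
    else:
        raise ValueError("unsupported key type %r" % keytype)
    for name in names:
        fields[name], off = read_mpint(blob, off)
        if fields[name] <= 0:
            raise ValueError("%s must be positive" % name)
    if off != len(blob):
        raise ValueError("%d trailing bytes after key material" % (len(blob) - off))
    return {"type": keytype, "comment": comment, **fields}


# --- v1 RSA public key: "bits e n [comment]" in decimal ---------------------

def parse_ssh1_pubkey_line(line: str) -> dict:
    parts = line.strip().split(None, 3)
    if len(parts) < 3:
        raise ValueError("expected 'bits e n [comment]'")
    bits, e, n = (int(p) for p in parts[:3])
    comment = parts[3] if len(parts) == 4 else ""
    # Sanity check added here: the declared size must match the modulus.
    if n.bit_length() != bits:
        raise ValueError("declared %d bits but modulus has %d" % (bits, n.bit_length()))
    return {"type": "ssh-rsa1", "bits": bits, "e": e, "n": n, "comment": comment}


# Constructed toy modulus (1024 bits, odd); NOT a real key.
SAMPLE_E = 65537
SAMPLE_N = (1 << 1023) | 12345
SAMPLE_V2_LINE = build_rsa_pubkey_line(SAMPLE_E, SAMPLE_N, "alice@example host")
SAMPLE_V1_LINE = "1024 %d %d alice@example host" % (SAMPLE_E, SAMPLE_N)

if __name__ == "__main__":
    print(parse_openssh_pubkey_line(SAMPLE_V2_LINE))
    print(parse_ssh1_pubkey_line(SAMPLE_V1_LINE))
```

Because the comment is taken as the remainder of the line after the second field, comments containing spaces survive intact; the length checks in `read_string` are what stop a hostile authorized_keys entry from making the parser read past the end of the decoded blob.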
On Mon, Feb 02, 2009 at 03:04:54PM +0100, Elvis Stansvik wrote:
> Are these formats specified somewhere, short of reading OpenSSH source
> code? Why not use RFC4716 natively?

1) OpenSSH predates RFC4716
2) OpenSSH traditionally uses one-line per key in authorized keys files
   so I decided to use the current format.

-m