bugzilla-daemon at mindrot.org
2012-Nov-01 14:37 UTC
[Bug 2046] New: ssh-add -d does not drop certificate
https://bugzilla.mindrot.org/show_bug.cgi?id=2046 Priority: P5 Bug ID: 2046 Assignee: unassigned-bugs at mindrot.org Summary: ssh-add -d does not drop certificate Severity: trivial Classification: Unclassified OS: Linux Reporter: ondrej at caletka.cz Hardware: All Status: NEW Version: 6.1p1 Component: ssh-add Product: Portable OpenSSH When using ssh-add -d to drop keys previously learned by invoking ssh-add without arguments, only raw key is dropped even if there is also a certificate in ~/.ssh/id_rsa-cert.pub. As I see the purpose of -d switch is to undo previous ssh-add command, I think the correct behaviour is to drop the certificate as well. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2012-Nov-08 23:49 UTC
[Bug 2046] ssh-add -d does not drop certificate
https://bugzilla.mindrot.org/show_bug.cgi?id=2046 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED Assignee|unassigned-bugs at mindrot.org |djm at mindrot.org Attachment #2193| |ok?(dtucker at zip.com.au) Flags| | --- Comment #1 from Damien Miller <djm at mindrot.org> --- Created attachment 2193 --> https://bugzilla.mindrot.org/attachment.cgi?id=2193&action=edit Make ssh-add -d remove certificate too Right. It is possible to remove a cert by explicitly listing its *-cert.pub file, but this isn't symmetric with ssh-add's behaviour and is therefore not what users would reasonably expect. This patch makes ssh-add -d remove both the plain key and the corresponding certificate. It also makes -d respect the recently-added -k option to allow selectively removing just the key. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2012-Nov-29 02:04 UTC
[Bug 2046] ssh-add -d does not drop certificate
https://bugzilla.mindrot.org/show_bug.cgi?id=2046 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |2035 -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2012-Dec-03 00:01 UTC
[Bug 2046] ssh-add -d does not drop certificate
https://bugzilla.mindrot.org/show_bug.cgi?id=2046 --- Comment #2 from Damien Miller <djm at mindrot.org> --- Applied - this will be in openssh-6.2, due early next year -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2012-Dec-03 00:02 UTC
[Bug 2046] ssh-add -d does not drop certificate
https://bugzilla.mindrot.org/show_bug.cgi?id=2046 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2013-Mar-22 01:02 UTC
[Bug 2046] ssh-add -d does not drop certificate
https://bugzilla.mindrot.org/show_bug.cgi?id=2046 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #3 from Damien Miller <djm at mindrot.org> --- mark bugs closed by openssh-6.2 release as CLOSED -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2023-Jan-13 02:37 UTC
[Bug 2046] ssh-add -d does not drop certificate
https://bugzilla.mindrot.org/show_bug.cgi?id=2046 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #2193|ok?(dtucker at dtucker.net) | Flags| | -- You are receiving this mail because: You are watching the assignee of the bug.
Apparently Analagous Threads
- [Bug 2039] New: Give proper credits for ECDSA patch
- [Bug 2040] New: Downgrade attack vulnerability when checking SSHFP records
- [Bug 2041] New: Check for SSHFP when certificate is offered.
- [Bug 2603] New: Build with ldns and without kerberos support fails if ldns compiled with kerberos support
- [Bug 2035] New: Bugs intended to be fixed in 6.2