openssh bugs - Nov 2014 - [Bug 2306] New: ssh-add 6.7 inserts RSA keys into the ssh-agent as "rsa w/o comment" instead of filenames

https://bugzilla.mindrot.org/show_bug.cgi?id=2306

            Bug ID: 2306
           Summary: ssh-add 6.7 inserts RSA keys into the ssh-agent as
                    "rsa w/o comment" instead of filenames
           Product: Portable OpenSSH
           Version: 6.7p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ssh-add
          Assignee: unassigned-bugs at mindrot.org
          Reporter: dkg at fifthhorseman.net

as of version 6.7 (the first version i noticed this in), it looks to me
like adding ssh keys to ssh-agent marks them all as "rsa w/o comment",
instead of putting the filename as the comment.

This appears to be because of the key function overhaul in
8668706d0f52654fe64c0ca41a96113aeab8d2b8.

ssh-add.c loads the secret keys via library-like invocations of
functions in sshkey.c, and if the comment returned is NULL, it sets the
comment to be the filename.

But in practice, these functions now return "rsa w/o comment" as the
comment, so the filename never gets applied as a comment.

Possible ways to fix:

 * One fix would be to have the functions return a NULL for the
comment.

 * Another fix would be to have ssh-add just override the comment
   explicitly. 

 * A third fix would be to pass a "proposed comment" into the
   library-like call, which could be overridden by future versions if
   they're aware of a superior comment after having parsed the key.

I also note that there is no way for a user of ssh-add to explicitly
set
the comment directly -- adding something like that would be a distinct
feature, i think.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2306

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |2266
                 CC|                            |djm at mindrot.org
             Status|NEW                         |ASSIGNED

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2306

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|ASSIGNED                    |RESOLVED

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Fixed:

commit 1195f4cb07ef4b0405c839293c38600b3e9bdb46
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Thu Jan 8 10:14:08 2015 +0000

    upstream commit

    deprecate key_load_private_pem() and
     sshkey_load_private_pem() interfaces. Refactor the generic key
loading API to
     not require pathnames to be specified (they weren't really used).

    Fixes a few other things en passant:

    Makes ed25519 keys work for hostbased authentication (ssh-keysign
    previously used the PEM-only routines).

    Fixes key comment regression bz#2306: key pathnames were being lost
as
    comment fields.

    ok markus@

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2306

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
openssh-6.8 is released

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2306

Vincent Lefevre <vincent-openssh at vinc17.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |vincent-openssh at vinc17.net

--- Comment #3 from Vincent Lefevre <vincent-openssh at vinc17.net> ---
*** Bug 2442 has been marked as a duplicate of this bug. ***

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.