bugzilla-daemon at bugzilla.mindrot.org
2015-Dec-10 00:31 UTC
[Bug 2514] New: Usability: Key filenames / extensions make sharing private key likely.
https://bugzilla.mindrot.org/show_bug.cgi?id=2514
Bug ID: 2514
Summary: Usability: Key filenames / extensions make sharing
private key likely.
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: All
Status: NEW
Severity: minor
Priority: P5
Component: Miscellaneous
Assignee: unassigned-bugs at mindrot.org
Reporter: warren at kumari.net
Public key files have an extension (.pub), private key files do not.
This makes tab completion complete to the "wrong" key file...
I *did* look for existing bugs about this, with no luck...
E.g:
In my .ssh directory there are many keys. As an example:
-r-------- 1 wkumari staff 1675 Mar 13 2015 id_rsa
-r-------- 1 wkumari staff 385 Mar 13 2015 id_rsa.pub
I want to be able to use this key to login to routers and servers, so I
need to share the public key with folk / copy it to a server so I can
append it to an authorized_keys file / etc.
So, how do I do that?
Well, chances are I'm in a rush, so I do:
echo ~/.ssh/id_rs<tab> | email $someone
or
scp ~/.ssh/id_rs<tab> server.example.com:~/tmp
....and, I've just emailed / copied off my *private* key.
The issue here is that the private key has no extension (and the public
one does), and so tab completion helpfully completes to the private
key. This is almost *never* the right option :-P
This could be easily solved by making private keys also have an
extension (e.g. id_rsa.priv or something).
To recreate issue:
1: generate a key.
2: try to do something with the key file, while in a rush / juggling many
plates / being drunk. Use tab completion.
3: Feel stupid. Promise yourself you will never do this again. Go
delete the key from everywhere you've ever used it.
4: lather, rinse, repeat.
--
You are receiving this mail because:
You are watching the assignee of the bug.
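A local guard against the tab-completion slip described in this report, as an added example that is not part of the original thread and not OpenSSH code. The function names `is_private_key`, `shareable_key` and `safe_scp` are hypothetical; the check relies only on the "BEGIN ... PRIVATE KEY" first line that PEM and OpenSSH-format private key files carry.

```shell
# Added example (not OpenSSH code): stop a private key from being shared
# when tab completion lands on "id_rsa" instead of "id_rsa.pub".

# is_private_key FILE: succeed if FILE's first line is a private key header,
# e.g. "-----BEGIN OPENSSH PRIVATE KEY-----" or "-----BEGIN RSA PRIVATE KEY-----".
is_private_key() {
    [ -f "$1" ] && [ -r "$1" ] || return 1
    # read fails on a last line without a newline; accept it if non-empty
    IFS= read -r first < "$1" || [ -n "$first" ] || return 1
    case $first in
        "-----BEGIN "*"PRIVATE KEY-----"*) return 0 ;;
    esac
    return 1
}

# shareable_key PATH: print the path that is safe to hand out.
# A private key is swapped for its .pub sibling; with no sibling, refuse.
shareable_key() {
    if is_private_key "$1"; then
        if [ -f "$1.pub" ] && ! is_private_key "$1.pub"; then
            echo "note: $1 is a private key, using $1.pub instead" >&2
            printf '%s\n' "$1.pub"
            return 0
        fi
        echo "refusing: $1 is a private key and $1.pub is not usable" >&2
        return 1
    fi
    [ -f "$1" ] || { echo "no such file: $1" >&2; return 1; }
    printf '%s\n' "$1"
}

# safe_scp SRC DEST: scp wrapper that only ever copies the shareable file.
safe_scp() {
    src=$(shareable_key "$1") || return 1
    scp "$src" "$2"
}
```

Sourced from a shell profile, `safe_scp ~/.ssh/id_rsa server.example.com:~/tmp` copies `id_rsa.pub` and prints a note on stderr instead of sending the private key.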
bugzilla-daemon at bugzilla.mindrot.org
2016-Dec-02 02:53 UTC
[Bug 2514] Usability: Key filenames / extensions make sharing private key likely.
https://bugzilla.mindrot.org/show_bug.cgi?id=2514
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
Resolution|--- |WONTFIX
Status|NEW |RESOLVED
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
If we were starting from scratch then we might consider doing this
differently but changing things now will break 20+ years of workflow.
bugzilla-daemon at bugzilla.mindrot.org
2018-Apr-06 02:26 UTC
[Bug 2514] Usability: Key filenames / extensions make sharing private key likely.
https://bugzilla.mindrot.org/show_bug.cgi?id=2514
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Close all resolved bugs after release of OpenSSH 7.7.