bugzilla-daemon at bugzilla.mindrot.org
2016-May-23 00:31 UTC
[Bug 2570] New: ssh-keygen -p will convert openssh-format keyfiles back to pem, improperly?
https://bugzilla.mindrot.org/show_bug.cgi?id=2570
Bug ID: 2570
Summary: ssh-keygen -p will convert openssh-format keyfiles
back to pem, improperly?
Product: Portable OpenSSH
Version: 7.2p1
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: ssh-keygen
Assignee: unassigned-bugs at mindrot.org
Reporter: friedman+mindrot at splode.com
Created attachment 2816
--> https://bugzilla.mindrot.org/attachment.cgi?id=2816&action=edit
shell session log
OS: Fedora 23 x86_64
In the attached session log, I created an ecdsa key in pem format with
no password. I then use "ssh-keygen -p" to change the password (but
actually keep choosing to blank it) but add "-o" to convert the file
to
the new openssh format. After I run ssh-keygen -p again to convert the
file back to pem format, the contents of the file has changed
drastically and ssh-add can no longer read it.
This behavior occurs with ssh 6.9p1 or ssh 7.2p2 whenever it runs
against openssl 1.0.2 shared libs. When run against openssl 1.0.1
shared libs, the last pem-format key file can still be loaded.
In my real usage I had a passphrase on my keys. For the purpose of
this test I used a blank password, but I get the same behavior with or
without a password.
I don't know if the problem is that the openssh->pem conversion is
buggy or if there is an API breakage between openssl 1.0.1 and 1.0.2.
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-May-23 00:37 UTC
[Bug 2570] ssh-keygen -p will convert openssh-format keyfiles back to pem, improperly?
https://bugzilla.mindrot.org/show_bug.cgi?id=2570 --- Comment #1 from Noah Friedman <friedman+mindrot at splode.com> --- In my previous comment, wherever I said "pem", pleaes substitute "RFC4716" -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-May-23 00:38 UTC
[Bug 2570] ssh-keygen -p will convert openssh-format keyfiles back to RFC4716 format, improperly?
https://bugzilla.mindrot.org/show_bug.cgi?id=2570
Noah Friedman <friedman+mindrot at splode.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|ssh-keygen -p will convert |ssh-keygen -p will convert
|openssh-format keyfiles |openssh-format keyfiles
|back to pem, improperly? |back to RFC4716 format,
| |improperly?
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2020-Mar-06 15:21 UTC
[Bug 2570] ssh-keygen -p will convert openssh-format keyfiles back to RFC4716 format, improperly?
https://bugzilla.mindrot.org/show_bug.cgi?id=2570
Oliver Ford <ojford at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |ojford at gmail.com
Assignee|unassigned-bugs at mindrot.org |ojford at gmail.com
--
You are receiving this mail because:
You are watching the assignee of the bug.
Reasonably Related Threads
- [Bug 2180] New: Improve the handling of the key comment field
- getting ess/emacs to link with a remote instance of R
- Question about key file formats used by OpenSSH
- [Bug 1085] New: No warning for weird interface characters if interface contains wildcard character
- [Bug 905] New: Please support passing a filename to iptables-save