bugzilla-daemon at bugzilla.mindrot.org
2017-Jan-21 07:14 UTC
[Bug 2667] New: ssh-add does not display key comments for the first key added
https://bugzilla.mindrot.org/show_bug.cgi?id=2667
Bug ID: 2667
Summary: ssh-add does not display key comments for the first
key added
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: All
Status: NEW
Severity: minor
Priority: P5
Component: ssh-add
Assignee: unassigned-bugs at mindrot.org
Reporter: aaronmdjones at gmail.com
When adding multiple keys to an agent, ssh-add(1) does not print the
comment for the first key (instead printing its path).
Like so:
```
aaron at saiga ~ $ ssh-add -D
All identities removed.
aaron at saiga ~ $ ssh-add
Enter passphrase for /home/aaron/.ssh/id_rsa:
Identity added: /home/aaron/.ssh/id_rsa (/home/aaron/.ssh/id_rsa)
Identity added: /home/aaron/.ssh/id_ed25519 (Aaron M. D. Jones
<aaronmdjones at gmail.com>)
aaron at saiga ~ $
```
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2017-Mar-10 03:25 UTC
[Bug 2667] ssh-add does not display key comments for the first key added
https://bugzilla.mindrot.org/show_bug.cgi?id=2667
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
Status|NEW |RESOLVED
Resolution|--- |WONTFIX
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
What's happening here is that the ed25519 key is a new-style OpenSSH
format private key that contains the comment where ssh-add can easily
get at it, and the RSA key is an olde-style PEM format that doesn't.
We could in theory go looking for the comment in the private key's
corresponding .pub file if it exists, but it complicates key loading
considerably - we'd need to find the file, read and parse it and check
that it matched the private key. I don't think we want to do this.
You could try converting your RSA key to a new-style one while
re-specifying the comment (ssh-keygen -opf /path -C "your comment").
The new key format offers better protection against passphrase cracking
too.
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2017-Mar-10 04:20 UTC
[Bug 2667] ssh-add does not display key comments for the first key added
https://bugzilla.mindrot.org/show_bug.cgi?id=2667
Aaron Jones <aaronmdjones at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|WONTFIX |---
--- Comment #2 from Aaron Jones <aaronmdjones at gmail.com> ---
I migrated all of my keys to the new format more than a year ago.
Just incase I forgot one, though, I checked:
aaron at saiga ~/.ssh $ head -n1 id_rsa
-----BEGIN OPENSSH PRIVATE KEY-----
But I tried anyway:
aaron at saiga ~/.ssh $ ssh-keygen -a 128 -opf id_rsa -C "Aaron M. D.
Jones <aaronmdjones at gmail.com>"
Enter old passphrase:
Key has comment 'Aaron M. D. Jones <aaronmdjones at gmail.com>'
Enter new passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved with the new passphrase.
aaron at saiga ~/.ssh $ head -n1 id_rsa
-----BEGIN OPENSSH PRIVATE KEY-----
And the problem persists:
aaron at saiga ~/.ssh $ ssh-add -D
All identities removed.
aaron at saiga ~/.ssh $ ssh-add
Enter passphrase for /home/aaron/.ssh/id_rsa:
Identity added: /home/aaron/.ssh/id_rsa (/home/aaron/.ssh/id_rsa)
Identity added: /home/aaron/.ssh/id_ed25519 (Aaron M. D. Jones
<aaronmdjones at gmail.com>)
Something else is going on.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2017-Apr-28 04:13 UTC
[Bug 2667] ssh-add does not display key comments for the first key added
https://bugzilla.mindrot.org/show_bug.cgi?id=2667 --- Comment #3 from Damien Miller <djm at mindrot.org> --- I can't replicate that behaviour with either 7.2p2 or -current. If I create my RSA key as an old-style key I get output that matches yours. [djm at djm .ssh]$ ssh-keygen -t rsa -C comment -N '' -qf ~/.ssh/id_rsa [djm at djm .ssh]$ ssh-keygen -t ed25519 -C comment -N '' -qf ~/.ssh/id_ed25519 [djm at djm .ssh]$ ssh-add Identity added: /home/djm/.ssh/id_rsa (/home/djm/.ssh/id_rsa) Identity added: /home/djm/.ssh/id_ed25519 (comment) If I create it as a new-style key then I see the expected output: [djm at djm .ssh]$ ssh-add -D All identities removed. [djm at djm .ssh]$ ssh-keygen -ot rsa -C comment -N '' -qf ~/.ssh/id_rsa /home/djm/.ssh/id_rsa already exists. Overwrite (y/n)? y [djm at djm .ssh]$ ssh-add Identity added: /home/djm/.ssh/id_rsa (comment) Identity added: /home/djm/.ssh/id_ed25519 (comment) What version OpenSSH are you using? Did you compile from source or are you using a vendor package. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2017-Apr-28 07:19 UTC
[Bug 2667] ssh-add does not display key comments for the first key added
https://bugzilla.mindrot.org/show_bug.cgi?id=2667 --- Comment #4 from Aaron Jones <aaronmdjones at gmail.com> --- (In reply to Damien Miller from comment #3)> I can't replicate that behaviour with either 7.2p2 or -current. > > If I create my RSA key as an old-style key I get output that matches > yours. > > If I create it as a new-style key then I see the expected output: > > What version OpenSSH are you using? Did you compile from source or > are you using a vendor package.I have no idea what actual version I'm using because it was provided by my distributor (Linux Mint, Debian Edition, Cinnamon amd64, up-to-date) The version output is $ ssh -V OpenSSH_6.7p1 Debian-5+deb8u3, OpenSSL 1.0.1t 3 May 2016 -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2017-Jun-09 04:48 UTC
[Bug 2667] ssh-add does not display key comments for the first key added
https://bugzilla.mindrot.org/show_bug.cgi?id=2667
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|REOPENED |RESOLVED
Resolution|--- |WORKSFORME
--- Comment #5 from Damien Miller <djm at mindrot.org> ---
Closing: whatever is going on, it doesn't seem to be going on with the
current version.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2018-Apr-06 02:26 UTC
[Bug 2667] ssh-add does not display key comments for the first key added
https://bugzilla.mindrot.org/show_bug.cgi?id=2667
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #6 from Damien Miller <djm at mindrot.org> ---
Close all resolved bugs after release of OpenSSH 7.7.
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
Apparently Analagous Threads
- OpenSSH private key format errors with LibreSSL 2.7
- ability to select which identity to forward when using "ForwardAgent" ?
- How to tell if key is encrypted?
- ssh-keygen between SuSE and FreeBSD
- [Bug 2714] New: Allow specifying a key description when loading from stdin