openssh bugs - Mar 2017 - [Bug 2695] New: inconsistent outout of "ssh.add -l" between ed25519 and rsa keys

https://bugzilla.mindrot.org/show_bug.cgi?id=2695

            Bug ID: 2695
           Summary: inconsistent outout of "ssh.add -l" between
ed25519
                    and rsa keys
           Product: Portable OpenSSH
           Version: 7.3p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: minor
          Priority: P5
         Component: ssh-add
          Assignee: unassigned-bugs at mindrot.org
          Reporter: toralf.foerster at gmx.de

$ ssh-add -l
256 SHA256:H7Rl8OShjUdLmaItsuIBt6sg44mhm6WLpXDoAAGVYck tfoerste at t44
(ED25519)
4096 SHA256:0x+umkyb9RYASDtNJ+280PII+2aFbmyAMDvIwNgh6bM
/home/tfoerste/.ssh/id_rsa-github (RSA)
4096 SHA256:shLZ2PU4MGlaz4JZ5jSWXVp/waiXgKtEdH/fOWuvzdQ
/home/tfoerste/.ssh/id_rsa-kvm (RSA)
2048 SHA256:JOyhKxIGyKw/lTmuNUELgylq4lyHQt1WD5us3jCwZs4
/home/tfoerste/.ssh/id_rsa-n22 (RSA)


The later 3 contains the file name, but not the first.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2695

Toralf F??rster <toralf.foerster at gmx.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|inconsistent outout of      |inconsistent output of
                   |"ssh.add -l" between        |"ssh.add
-l" between
                   |ed25519 and rsa keys        |ed25519 and rsa keys

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2695

James Cloos <cloos at jhcloos.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |cloos at jhcloos.com

--- Comment #1 from James Cloos <cloos at jhcloos.com> ---
This affects -L, too.

The -L output for ssh-ed25519 looks just like the .pub file's contents;
for ssh-rsa and ecdsa-sha2-nistp256 -L replaces the comment with the
filename.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2695

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org
         Resolution|---                         |WONTFIX
             Status|NEW                         |RESOLVED

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
This is due to ed25519 keys using the new OpenSSH-specific storage
format that retains the key comment, and other key types by default
using PEM that doesn't.

You can force the use of the new format by specifying the -o option to
ssh-keygen when creating keys or resetting existing keys passphrases.
E.g. "ssh-keygen -pof /path/key -C comment" can be used to upgrade a
PEM format to an OpenSSH format and baking in the key comment at the
same time.

At some future time, we'll make the OpenSSH format the default.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2695

--- Comment #3 from James Cloos <cloos at jhcloos.com> ---
The output should still include the filenames from which the key(s)
were loaded, even if that requires changes in how the agent internally
stores the keys.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2695

--- Comment #4 from Damien Miller <djm at mindrot.org> ---
That's not really possible without modifying the agent protocol - it
only supports a single key comment. We substitute the key's path if we
don't get one from the key, but displaying both comment from the key
and path would require either 1) we change the protocol or 2) we munge
the key comment to include both.

I consider #1 too little benefit for a costly (and slow to deploy)
change. #2 is pretty ugly and breaks the transparency of ssh-keygen.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2695

--- Comment #5 from Damien Miller <djm at mindrot.org> ---
err, I meant "breaks the transparency of ssh-add"

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2695

--- Comment #6 from James Cloos <cloos at jhcloos.com> ---
I see.

I would be useful were a future version of the agent protocol to
support passing the filename in addition to what is current passed.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2695

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #7 from Damien Miller <djm at mindrot.org> ---
Close all resolved bugs after release of OpenSSH 7.7.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.