bugzilla-daemon at bugzilla.mindrot.org
2017-May-07 14:47 UTC
[Bug 2714] New: Allow specifying a key description when loading from stdin
https://bugzilla.mindrot.org/show_bug.cgi?id=2714
Bug ID: 2714
Summary: Allow specifying a key description when loading from stdin
Product: Portable OpenSSH
Version: 7.5p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh-add
Assignee: unassigned-bugs at mindrot.org
Reporter: sascha-openssh-bugs at silbe.org
As a work-around for #2713, we're currently loading a private key file
from stdin with ssh-add:
ssh-add - < foo/id_rsa
The key will end up as an "anonymous" entry in "ssh-add -l"
output:
sascha.silbe at twin:~$ ssh-add -l
2048 d8:9f:1f:cc:f6:7b:d9:cb:ad:43:6c:c8:ea:13:09:4f Sascha Silbe <sascha-pgp at silbe.org> (RSA)
4096 79:22:5b:b8:3c:d1:f4:b0:95:df:0a:8e:43:10:75:d3 rsa w/o comment (RSA)
This makes it hard for humans to distinguish / recognise the keys and
is potentially confusing.
Since loading keys from stdin is likely useful in more cases than just
as a work-around for #2713, it would be good to have an option to
specify a description when adding a key.
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2017-May-09 07:00 UTC
[Bug 2714] Allow specifying a key description when loading from stdin
https://bugzilla.mindrot.org/show_bug.cgi?id=2714
Jakub Jelen <jjelen at redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jjelen at redhat.com
--- Comment #1 from Jakub Jelen <jjelen at redhat.com> ---
The private key (in old format) does not have the comment in the file
structure, nor does ssh-add know the filename of the private key to
pick the comment from the associated public key (by adding the .pub to
the filename).
You can simply use the new OpenSSH format, which has the comment
embedded and works in this use case flawlessly:
$ ssh-keygen -t rsa -o -f id_rsa
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_rsa.
Your public key has been saved in id_rsa.pub.
The key fingerprint is:
SHA256:a70xCiekGbgR7bJdVQk/BUykE21q/jqD7TggnYNmLmY jjelen at jjelen.redhat.com
The key's randomart image is:
+---[RSA 2048]----+
| o*=o. |
| . ==. |
| . . +oo |
| + .o. . |
| +oo.ooS |
| =*=* .o |
| +o.+ooo+.+ |
|.E. o*+..+ |
|o. .o++. |
+----[SHA256]-----+
$ eval `ssh-agent`
Agent pid 10614
$ ssh-add - < id_rsa
Identity added: (stdin) (jjelen at jjelen.redhat.com)
$ ssh-add -l
2048 SHA256:a70xCiekGbgR7bJdVQk/BUykE21q/jqD7TggnYNmLmY jjelen at jjelen.redhat.com (RSA)
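Added example, not part of the original thread or of OpenSSH: a Python sketch that reads the comment straight out of a private key file, showing why an old-format PEM key loaded from stdin has nothing to display while a new-format key does. The field layout follows OpenSSH's PROTOCOL.key document; the function names, the stub PEM text and the sample key (dummy numbers, not a usable key) are constructed for illustration.

```python
import base64
import struct
MAGIC = b"openssh-key-v1\0"
# Number of length-prefixed private fields that precede the comment, per key type.
FIELDS_BEFORE_COMMENT = {b"ssh-rsa": 6, b"ssh-ed25519": 2}

def read_string(buf, off):
    """Read one SSH wire string (uint32 length + bytes); return (value, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def embedded_comment(key_text):
    """Return the comment stored in a private key file, or None if the file alone cannot supply one."""
    lines = [ln.strip() for ln in key_text.strip().splitlines()]
    if not lines or lines[0] != "-----BEGIN OPENSSH PRIVATE KEY-----":
        return None  # old PEM format: no comment field in the file structure
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("missing openssh-key-v1 magic")
    off = len(MAGIC)
    cipher, off = read_string(blob, off)
    for _ in range(2):                      # kdfname, kdfoptions
        _, off = read_string(blob, off)
    off += 4                                # uint32 number of keys
    _, off = read_string(blob, off)         # public key blob
    priv, _ = read_string(blob, off)        # private section
    if cipher != b"none":
        return None  # comment sits inside the encrypted section
    ktype, p = read_string(priv, 8)         # skip the two uint32 check values
    if ktype not in FIELDS_BEFORE_COMMENT:
        raise ValueError("key type not handled by this sketch")
    for _ in range(FIELDS_BEFORE_COMMENT[ktype]):
        _, p = read_string(priv, p)
    comment, _ = read_string(priv, p)
    return comment.decode("utf-8", "replace")

def constructed_rsa_key(comment):
    """Constructed sample: valid layout, dummy one-byte numbers, not a usable key."""
    s = lambda b: struct.pack(">I", len(b)) + b
    priv = struct.pack(">II", 7, 7) + s(b"ssh-rsa") + s(b"\x01") * 6 + s(comment.encode())
    priv += bytes(range(1, 1 + (-len(priv)) % 8))   # padding bytes 1, 2, 3, ...
    pub = s(b"ssh-rsa") + s(b"\x01") * 2
    blob = MAGIC + s(b"none") * 2 + s(b"") + struct.pack(">I", 1) + s(pub) + s(priv)
    body = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"

OLD_PEM = "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"  # constructed stub
```

Calling `embedded_comment()` on the text of a key file before piping it to `ssh-add -` tells you whether the agent listing will carry a label; `None` means the key needs converting to the new format first or is passphrase-protected.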
bugzilla-daemon at bugzilla.mindrot.org
2018-Jul-07 09:40 UTC
[Bug 2714] Allow specifying a key description when loading from stdin
https://bugzilla.mindrot.org/show_bug.cgi?id=2714
Sascha Silbe <sascha-openssh-bugs at silbe.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |WORKSFORME
--- Comment #2 from Sascha Silbe <sascha-openssh-bugs at silbe.org> ---
After using "-o" with every ssh-keygen operation (setting comment,
changing/removing passphrase), at least ssh-agent now shows the
comment, thanks. gpg-agent in SSH emulation mode still only shows "rsa
w/o comment" but that may be a problem with gpg-agent rather than the
OpenSSH client.
bugzilla-daemon at mindrot.org
2021-Apr-23 05:01 UTC
[Bug 2714] Allow specifying a key description when loading from stdin
https://bugzilla.mindrot.org/show_bug.cgi?id=2714
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #3 from Damien Miller <djm at mindrot.org> ---
closing resolved bugs as of 8.6p1 release