bugzilla-daemon at bugzilla.mindrot.org
2018-Apr-07 03:37 UTC
[Bug 2853] New: PROTOCOL document should describe deviation of public key format from RFC spec
https://bugzilla.mindrot.org/show_bug.cgi?id=2853
Bug ID: 2853
Summary: PROTOCOL document should describe deviation of public key format from RFC spec
Product: Portable OpenSSH
Version: 7.6p1
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: Documentation
Assignee: unassigned-bugs at mindrot.org
Reporter: eric_wade_brown at yahoo.com
The SecureShell specification RFC 4716 documents a public key format
for persisting public key files. See
https://tools.ietf.org/html/rfc4716
However, the PROTOCOL documentation
(https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL?annotate=HEAD)
does not state how OpenSSH does not use this format. Instead it
creates public key files in a format similar to the encoded data
stated in RFC 4253.
I think a small note about the difference would be beneficial.
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2018-Aug-10 00:44 UTC
[Bug 2853] PROTOCOL document should describe deviation of public key format from RFC spec
https://bugzilla.mindrot.org/show_bug.cgi?id=2853
Damien Miller <djm at mindrot.org> changed:
      What |Removed |Added
----------------------------------------------------------------------------
    Blocks |        |2852
    Status |NEW     |RESOLVED
        CC |        |djm at mindrot.org
Resolution |---     |FIXED
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Added this section to PROTOCOL, it will be included in the openssh-7.8
release:
4. Miscellaneous changes

4.1 Public key format

OpenSSH public keys, as generated by ssh-keygen(1) and appearing in
authorized_keys files, are formatted as a single line of text consisting
of the public key algorithm name followed by a base64-encoded key blob.
The public key blob (before base64 encoding) is the same format used for
the encoding of public keys sent on the wire: as described in RFC4253
section 6.6 for RSA and DSA keys, RFC5656 section 3.1 for ECDSA keys
and the "New public key formats" section of PROTOCOL.certkeys for the
OpenSSH certificate formats.

Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=2852
[Bug 2852] Tracking bug for OpenSSH 7.8 release
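
The single-line format described in the quoted PROTOCOL section 4.1, as an added example that is not part of the original messages and is not OpenSSH's own code: a Python parser that decodes an ssh-rsa line into the RFC 4253 section 6.6 fields and rejects a blob whose embedded algorithm name disagrees with the text prefix. The function names and the toy 64-bit sample key are constructed for illustration, and only the ssh-keygen .pub form (no leading authorized_keys options) is handled.

```python
import base64
import struct

def put_string(data: bytes) -> bytes:
    # RFC 4251 "string": uint32 big-endian length, then the bytes
    return struct.pack(">I", len(data)) + data

def put_mpint(value: int) -> bytes:
    # RFC 4251 "mpint", positive values only: a leading 0x00 keeps the top bit clear
    return put_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))

def get_string(blob: bytes, off: int):
    if off + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", blob, off)
    end = off + 4 + length
    if end > len(blob):
        raise ValueError("field runs past end of blob")
    return blob[off + 4:end], end

def parse_rsa_pubkey_line(line: str) -> dict:
    # Handles the ssh-keygen .pub form: "<algorithm> <base64 blob> [comment]"
    fields = line.strip().split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected algorithm name and base64 blob")
    blob = base64.b64decode(fields[1], validate=True)
    name, off = get_string(blob, 0)
    # The algorithm name appears twice: as text and inside the blob. They must agree.
    if name != fields[0].encode("ascii"):
        raise ValueError("algorithm name in text does not match blob")
    if name != b"ssh-rsa":
        raise ValueError("this example only decodes ssh-rsa blobs")
    e_raw, off = get_string(blob, off)   # RFC 4253 section 6.6: mpint e
    n_raw, off = get_string(blob, off)   # RFC 4253 section 6.6: mpint n
    if off != len(blob):
        raise ValueError("trailing bytes after modulus")
    n = int.from_bytes(n_raw, "big")
    return {"algorithm": fields[0], "e": int.from_bytes(e_raw, "big"), "n": n,
            "bits": n.bit_length(), "comment": fields[2] if len(fields) > 2 else ""}

# Constructed sample: a toy 64-bit modulus, not a usable key
SAMPLE_E, SAMPLE_N = 65537, 0xC000000000000001
SAMPLE_BLOB = put_string(b"ssh-rsa") + put_mpint(SAMPLE_E) + put_mpint(SAMPLE_N)
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " constructed@example"

if __name__ == "__main__":
    print(SAMPLE_LINE)
    print(parse_rsa_pubkey_line(SAMPLE_LINE))
```

Because the blob starts with the length-prefixed string "ssh-rsa", every such line begins with the same base64 characters after the algorithm name, which is a quick sanity check when auditing authorized_keys files.
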
bugzilla-daemon at bugzilla.mindrot.org
2018-Aug-10 01:04 UTC
[Bug 2853] PROTOCOL document should describe deviation of public key format from RFC spec
https://bugzilla.mindrot.org/show_bug.cgi?id=2853
Darren Tucker <dtucker at dtucker.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
  CC |        |dtucker at dtucker.net
--- Comment #2 from Darren Tucker <dtucker at dtucker.net> ---
I also added a note to https://www.openssh.com/specs.html that RFC4716
is only supported by ssh-keygen for key import and export.
bugzilla-daemon at bugzilla.mindrot.org
2018-Oct-19 06:17 UTC
[Bug 2853] PROTOCOL document should describe deviation of public key format from RFC spec
https://bugzilla.mindrot.org/show_bug.cgi?id=2853
Damien Miller <djm at mindrot.org> changed:
  What |Removed  |Added
----------------------------------------------------------------------------
Status |RESOLVED |CLOSED
--- Comment #3 from Damien Miller <djm at mindrot.org> ---
Close RESOLVED bugs with the release of openssh-8.0
bugzilla-daemon at bugzilla.mindrot.org
2018-Oct-19 07:01 UTC
[Bug 2853] PROTOCOL document should describe deviation of public key format from RFC spec
https://bugzilla.mindrot.org/show_bug.cgi?id=2853
--- Comment #4 from Eric Brown <eric_wade_brown at yahoo.com> ---
Looks like the new comment added has dead links for ssh-keygen
It links to: http://man.openbsd.org/keygen.1
Instead of: http://man.openbsd.org/ssh-keygen.1
And same issue appears in section 4.2 Private key format