openssh bugs - Feb 2025 - [Bug 3793] New: Colon in identity file name causes 'load pubkey invalid format'

https://bugzilla.mindrot.org/show_bug.cgi?id=3793

            Bug ID: 3793
           Summary: Colon in identity file name causes 'load pubkey
                    invalid format'
           Product: Portable OpenSSH
           Version: 8.0p1
          Hardware: amd64
                OS: Linux
            Status: NEW
          Severity: minor
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: mjenki03 at gmail.com

If you use an IdentityFile in your config with a colon in it, ssh
generates a 'load pubkey "/path/to/key/namewith:init" format
error' but
then continues working anyways.

So if you have a ~/.ssh/config like so

Host hostname
  IdentityFile /home/user/.ssh/id_KEYTYPE_ISOTIMESTAMP

When you go to use it, it generates that error. If you remove the
colons from the timestamp and update the config file the error goes
away.

It's not a huge issue, hence being 'minor' and I've worked
around it by
removing the colons. I've started adding timestamps to key file names
to keep our security scanners honest. :)

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3793

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
I can't replicate this problem on Debian Linux with a key named
~/.ssh/id_ed25519:12:34:56

Is it possible you are using a filesystem where the `:` character has
special meaning? Are you able to cat the file and receive the expected
contents?

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3793

Matthew Jenkins <mjenki03 at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |INVALID

--- Comment #2 from Matthew Jenkins <mjenki03 at gmail.com> ---
(In reply to Damien Miller from comment #1)
> I can't replicate this problem on Debian Linux with a key named
> ~/.ssh/id_ed25519:12:34:56
> 
> Is it possible you are using a filesystem where the `:` character
> has special meaning? Are you able to cat the file and receive the
> expected contents?
Seems isolated to rhel8. I can't replicate it on rhel9. Both using xfs.
So wouldn't be you guys problem then.

Thanks for checking anyway!

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.