similar to: [Bug 3789] New: Follow symlinks on saving keys from ssh-keygen

@Dmitry, you may get more traction by reporting this issue (with patch) at https://www.openssh.com/report.html . It can also help other folks who may be encountering the same issue. -- jmk > On Mar 3, 2023, at 02:10, Dmitry Belyavskiy <dbelyavs at redhat.com> wrote: > > ?Dear colleagues, > > Could you please take a look? > >> On Fri, Jan 20, 2023 at 12:55?PM

https://bugzilla.mindrot.org/show_bug.cgi?id=3546 Bug ID: 3546 Summary: Use SHA2 in ssh-keygen key verification Product: Portable OpenSSH Version: 8.7p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh-keygen Assignee: unassigned-bugs at

Dear colleagues, Could you please take a look? On Fri, Jan 20, 2023 at 12:55?PM Dmitry Belyavskiy <dbelyavs at redhat.com> wrote: > > Dear colleagues, > > ssh-keygen uses SHA1 algorithm (default) when verifying that the key is usable. It causes problems on recent systems where SHA1 is disabled for use with signatures (at least, RHEL 9+). > > The proposed patch enforces

https://bugzilla.mindrot.org/show_bug.cgi?id=3761 Bug ID: 3761 Summary: ssh-keygen fails for security keys without attestation Product: Portable OpenSSH Version: 9.9p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: ssh-keygen Assignee:

Dear all, Ed25519 public keys being as small as they are is very convenient. There is an opportunity to nudge the world towards modern algorithms. I believe choices made in OpenSSH can positively impact the wider eco-system and industry. I'd like to suggest ssh-keygen to generate an Ed25519 keypair, if invoked without any arguments. OpenSSH has supported Ed25519 since version 6.5 (January

http://bugzilla.mindrot.org/show_bug.cgi?id=459 Summary: ssh-keygen doesn't know how to export private keys Product: Portable OpenSSH Version: 3.5p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: ssh-keygen AssignedTo: openssh-unix-dev at mindrot.org

I'm trying to move from SSH1 to OpenSSH 2.9.9p2, under Solaris 8. Initial setup and testing seems to work... including the generation of a new RSA key. The key was created with "ssh-keygen -t rsa" and a passphrase; nothing unusual. I can SSH between machines, both running 2.9.9p2, and debug messages show that this file is being correctly read (I think). It prompts me for the

https://bugzilla.mindrot.org/show_bug.cgi?id=2145 Bug ID: 2145 Summary: ssh-keygen -R doesn't work when there are entries for "proxycommand" keys Product: Portable OpenSSH Version: 6.2p1 Hardware: Other OS: Linux Status: NEW Severity: trivial Priority: P5

http://bugzilla.mindrot.org/show_bug.cgi?id=566 Summary: ssh-keygen -l does not print key comment for rsa/dsa keys Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: trivial Priority: P2 Component: ssh-keygen AssignedTo:

Hi, ssh-keygen is unable to change version 2 keys' comments (this was true in 2.9p2, and the changelog doesn't make me think this has changed), so I think this should be documented. Here's a patch to ssh-keygen.1 (It's based on an ssh-keygen patched with my previous patch). Cheers, Matthew --- ssh-keygen.1.orig Thu Sep 27 20:31:48 2001 +++ ssh-keygen.1 Thu Sep 27 20:40:32 2001

Hello, I had some difficulties in order to convert private keys between different implementations of SSH. So, I wrote the following patch to allow export of SSH2 RSA and DSA private keys into IETF SECSH format. Note that I also slightly revised the IETF SECSH key import code. Usage: use of the "-e" option on a private key file generates an unencrypted private key file in IETF SECSH

ssh-keygen already supports importing and exporting ssh keys using various formats. The "-m PEM" which should have been the easiest to be used with various of external application expects PKCS#1 encoded key, while many applications use SubjectPublicKeyInfo encoded key. This change adds SubjectPublicKeyInfo support, to ease integration with applications. Examples: ## convert

https://bugzilla.mindrot.org/show_bug.cgi?id=1784 Summary: ssh-keygen fails when filename of key file contains multiple slashes Product: Portable OpenSSH Version: 5.2p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: ssh-keygen AssignedTo:

http://bugzilla.mindrot.org/show_bug.cgi?id=31 stevesk at pobox.com changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|openssh-unix-dev at mindrot.org|stevesk at pobox.com ------- Additional Comments From stevesk at pobox.com 2001-12-11 05:09 ------- i can't explain this; i can

What I'm hearing in this thread is: "a minority of people on planet Earth have a problem with the open-source implementation of ED25519, but instead of letting that minority choose to re-implement it when/if they want to, the rest of the community needs to stall their progress in improving security." And isn't the ED25519 code is already there on their machine? So isn't

On 9/4/23 16:43, Joseph S. Testa II wrote: > I very often see IT personnel and developers simply use the default > options for ssh-keygen. They just don't care/don't know to care. > Switching the default to ED25519 would bring the equivalent security > up from 112-bits to 128-bits (as 2048-bit RSA is equivalent to 112-bits > of symmetric strength), which would be a nice

Hi, I needed to convert a public RSA key to autorized_keys format and found ssh-keygen lacking this feature. I made the option -Q publicfile to allow an conversion like ssh-keygen -Q pubrsa.pem -y The patch is produced using unified diff and made on latest release. If you like it and can make a patch for the man-page also! Regards, /Lars -------------- next part -------------- diff -u

https://bugzilla.mindrot.org/show_bug.cgi?id=2241 Bug ID: 2241 Summary: ssh-keygen -R removes matching key as well as @cert-authority Product: Portable OpenSSH Version: 6.6p1 Hardware: amd64 OS: Mac OS X Status: NEW Severity: minor Priority: P5 Component: ssh-keygen

https://bugzilla.mindrot.org/show_bug.cgi?id=3253 Bug ID: 3253 Summary: ssh-keygen man page still lists deprecated key types for -t Product: Portable OpenSSH Version: 8.4p1 Hardware: Other OS: Linux Status: NEW Severity: minor Priority: P5 Component: ssh-keygen

https://bugzilla.mindrot.org/show_bug.cgi?id=1749 Summary: ssh-keygen cant "import" a generic x509 rsa public key Product: Portable OpenSSH Version: 5.4p1 Platform: Other OS/Version: Other Status: NEW Severity: normal Priority: P2 Component: ssh-keygen AssignedTo: unassigned-bugs at