[Bug 2514] New: Usability: Key filenames / extensions make sharing private key likely.

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Thu Dec 10 11:31:43 AEDT 2015


https://bugzilla.mindrot.org/show_bug.cgi?id=2514

            Bug ID: 2514
           Summary: Usability: Key filenames / extensions make sharing
                    private key likely.
           Product: Portable OpenSSH
           Version: -current
          Hardware: All
                OS: All
            Status: NEW
          Severity: minor
          Priority: P5
         Component: Miscellaneous
          Assignee: unassigned-bugs at mindrot.org
          Reporter: warren at kumari.net

Public key files have an extension (.pub), private key files do not.
This makes tab completion complete to the "wrong" key file...

I *did* look for existing bugs about this, with no luck...

E.g:
In my .ssh directory there are many keys. As an example:
-r--------   1 wkumari  staff   1675 Mar 13  2015 id_rsa
-r--------   1 wkumari  staff    385 Mar 13  2015 id_rsa.pub

I want to be able to use this key to login to routers and servers, so I
need to share the public key with folk / copy it to a server so I can
append it to an authorized_keys file / etc.

So, how do I do that?
Well, chances are I'm in a rush, so I do:
echo ~/.ssh/id_rs<tab> | email $someone
or 
scp ~/.ssh/id_rs<tab> server.example.com:~/tmp

....and, I've just emailed / copied off my *private* key. 

The issue here is that the private key has no extension (and the public
one does), and so tab completion helpfully completes to the private
key. This is almost *never* the right option :-P

This could be easily solved by making private keys also have an
extension (e.g. id_rsa.priv or something).


To recreate issue:
1: generate a key.
2: try to do something with the key file, while in a rush / juggling many
plates / being drunk. Use tab completion.
3: Feel stupid. Promise yourself you will never do this again. Go
delete the key from everywhere you've ever used it. 
4: lather, rinse, repeat.


More information about the openssh-bugs mailing list
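
A guard against the slip described in this report, added here as an example; it is not part of the bug report or of OpenSSH. It identifies private keys by their PEM header rather than by filename, so it works with today's extension-less names. The function names `is_private_key`, `guard` and `make_demo_keys` are hypothetical, and the key files are constructed stand-ins.

```shell
# Added example, not OpenSSH code. All function names are hypothetical.

# is_private_key FILE: succeed if FILE's first line is a private-key header,
# e.g. "-----BEGIN OPENSSH PRIVATE KEY-----" or "-----BEGIN RSA PRIVATE KEY-----".
is_private_key() {
    [ -f "$1" ] && [ -r "$1" ] || return 1
    _line=""
    IFS= read -r _line < "$1" || [ -n "$_line" ] || return 1
    case "$_line" in
        "-----BEGIN "*"PRIVATE KEY-----"*) return 0 ;;
    esac
    return 1
}

# guard CMD [ARGS...]: run CMD only if no word on the command line names a
# private key file. Remote targets such as host:path are not local files
# and pass through untouched.
guard() {
    for _arg in "$@"; do
        if is_private_key "$_arg"; then
            echo "guard: refusing, $_arg is a private key" >&2
            [ -f "$_arg.pub" ] && echo "guard: did you mean $_arg.pub ?" >&2
            return 1
        fi
    done
    "$@"
}

# make_demo_keys DIR: write constructed stand-ins (no real key material).
make_demo_keys() {
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' \
        'CONSTRUCTED-NOT-A-KEY' \
        '-----END OPENSSH PRIVATE KEY-----' > "$1/id_rsa"
    printf '%s\n' 'ssh-rsa CONSTRUCTED-NOT-A-KEY user@example' > "$1/id_rsa.pub"
}

# Demo: the tab-completed private key is stopped, the .pub file goes through.
demo_dir=$(mktemp -d)
make_demo_keys "$demo_dir"
guard cp "$demo_dir/id_rsa" "$demo_dir/copied" || echo "blocked private key"
guard cp "$demo_dir/id_rsa.pub" "$demo_dir/copied" && echo "public key copied"
rm -rf "$demo_dir"
```

Used as `guard scp ~/.ssh/id_rs<tab> server.example.com:~/tmp`, the wrapper stops the command before anything leaves the machine.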