[Bug 2514] New: Usability: Key filenames / extensions make sharing private key likely.
bugzilla-daemon at bugzilla.mindrot.org
Thu Dec 10 11:31:43 AEDT 2015
https://bugzilla.mindrot.org/show_bug.cgi?id=2514
Bug ID: 2514
Summary: Usability: Key filenames / extensions make sharing private key likely.
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: All
Status: NEW
Severity: minor
Priority: P5
Component: Miscellaneous
Assignee: unassigned-bugs at mindrot.org
Reporter: warren at kumari.net
Public key files have an extension (.pub), private key files do not.
This makes tab completion complete to the "wrong" key file...
I *did* look for existing bugs about this, with no luck...
E.g:
In my .ssh directory there are many keys. As an example:
-r-------- 1 wkumari staff 1675 Mar 13 2015 id_rsa
-r-------- 1 wkumari staff 385 Mar 13 2015 id_rsa.pub
I want to be able to use this key to login to routers and servers, so I
need to share the public key with folk / copy it to a server so I can
append it to an authorized_keys file / etc.
So, how do I do that?
Well, chances are I'm in a rush, so I do:
echo ~/.ssh/id_rs<tab> | email $someone
or
scp ~/.ssh/id_rs<tab> server.example.com:~/tmp
....and, I've just emailed / copied off my *private* key.
The issue here is that the private key has no extension (and the public
one does), and so tab completion helpfully completes to the private
key. This is almost *never* the right option :-P
This could be easily solved by making private keys also have an
extension (e.g. id_rsa.priv or something).
To recreate issue:
1: generate a key.
2: try to do something with the key file, while in a rush / juggling many
plates / being drunk. Use tab completion.
3: Feel stupid. Promise yourself you will never do this again. Go
delete the key from everywhere you've ever used it.
4: lather, rinse, repeat.
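An added example, not part of the original bug report or of OpenSSH: a shell guard that classifies a key file by its content rather than its name, so a tab-completed private key path resolves to its .pub counterpart or fails. The function names are hypothetical and the sample key files are constructed placeholders.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not OpenSSH tooling.
# Intended use: scp "$(safe_key_path ~/.ssh/id_rsa)" server.example.com:~/tmp

# True when the file contains a PEM or OpenSSH private key header, e.g.
# "-----BEGIN OPENSSH PRIVATE KEY-----" or "-----BEGIN RSA PRIVATE KEY-----".
is_private_key() {
    grep -Eq -e '^-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----' -- "$1" 2>/dev/null
}

# Print the path that is safe to share for $1, or return 1.
# A private key path is swapped for "<path>.pub" with a warning on stderr.
safe_key_path() {
    key=$1
    if [ ! -f "$key" ]; then
        echo "safe_key_path: no such file: $key" >&2
        return 1
    fi
    if is_private_key "$key"; then
        echo "safe_key_path: $key is a PRIVATE key" >&2
        key="$key.pub"
        if [ ! -f "$key" ] || is_private_key "$key"; then
            echo "safe_key_path: no usable public key next to it" >&2
            return 1
        fi
        echo "safe_key_path: using $key instead" >&2
    fi
    printf '%s\n' "$key"
}

# Constructed sample files (no real key material) for trying the guard.
# Prints the temporary directory that holds them.
make_sample_keys() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'Y29uc3RydWN0ZWQ=' \
        '-----END OPENSSH PRIVATE KEY-----' > "$dir/id_rsa"
    printf '%s\n' 'ssh-rsa AAAAconstructed wkumari@example' > "$dir/id_rsa.pub"
    cp "$dir/id_rsa" "$dir/orphan"    # private key with no .pub beside it
    printf '%s\n' "$dir"
}
```

Because the command substitution yields an empty string when the guard fails, the surrounding scp or mail command errors out instead of sending the private key.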