[Bug 2570] New: ssh-keygen -p will convert openssh-format keyfiles back to pem, improperly?
bugzilla-daemon at bugzilla.mindrot.org
Mon May 23 10:31:59 AEST 2016
https://bugzilla.mindrot.org/show_bug.cgi?id=2570
Bug ID: 2570
Summary: ssh-keygen -p will convert openssh-format keyfiles
back to pem, improperly?
Product: Portable OpenSSH
Version: 7.2p1
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: ssh-keygen
Assignee: unassigned-bugs at mindrot.org
Reporter: friedman+mindrot at splode.com
Created attachment 2816
--> https://bugzilla.mindrot.org/attachment.cgi?id=2816&action=edit
shell session log
OS: Fedora 23 x86_64

In the attached session log, I created an ecdsa key in pem format with
no password. I then use "ssh-keygen -p" to change the password (but
actually keep choosing to blank it) but add "-o" to convert the file to
the new openssh format. After I run ssh-keygen -p again to convert the
file back to pem format, the contents of the file have changed
drastically and ssh-add can no longer read it.

This behavior occurs with ssh 6.9p1 or ssh 7.2p2 whenever it runs
against openssl 1.0.2 shared libs. When run against openssl 1.0.1
shared libs, the last pem-format key file can still be loaded.

In my real usage I had a passphrase on my keys. For the purpose of
this test I used a blank password, but I get the same behavior with or
without a password.

I don't know if the problem is that the openssh->pem conversion is
buggy or if there is an API breakage between openssl 1.0.1 and 1.0.2.
--
You are receiving this mail because:
You are watching the assignee of the bug.
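
A guard for the rewrite described in the report, as an added example that is not part of the original bug report or of OpenSSH: it runs "ssh-keygen -p" on a copy of the key and replaces the original only if the copy still loads and yields the same public key. The function names key_format, pub_of and safe_rekey are hypothetical; any extra options (such as -o) are passed through to ssh-keygen -p unchanged.

```shell
#!/bin/sh
# Added example, not from the bug report; function names are hypothetical.

# key_format FILE: classify a private key file by its first line.
key_format() {
    first=
    IFS= read -r first < "$1" || true   # tolerate a missing final newline
    case "$first" in
        "-----BEGIN OPENSSH PRIVATE KEY-----") echo openssh ;;
        "-----BEGIN EC PRIVATE KEY-----"|"-----BEGIN RSA PRIVATE KEY-----"|"-----BEGIN DSA PRIVATE KEY-----")
            echo pem ;;
        *) echo unknown ;;
    esac
}

# pub_of FILE: print the key type and base64 blob derived from a private key.
# Any trailing comment is dropped so that only key material is compared.
pub_of() {
    out=$(ssh-keygen -y -f "$1") || return 1
    set -- $out
    printf '%s %s\n' "$1" "$2"
}

# safe_rekey FILE [ssh-keygen -p options]   e.g. safe_rekey ~/.ssh/id_ecdsa -o
# Rewrite a copy with "ssh-keygen -p" and replace FILE only if the copy
# still loads and yields the same public key as the original.
safe_rekey() {
    key=$1; shift
    before=$(pub_of "$key") || { echo "cannot read $key" >&2; return 1; }
    tmp=$(mktemp "$key.XXXXXX") || return 1   # created with mode 0600
    if cp "$key" "$tmp" &&
       ssh-keygen -p "$@" -f "$tmp" >/dev/null &&
       after=$(pub_of "$tmp") && [ "$before" = "$after" ]; then
        echo "ok: $(key_format "$key") -> $(key_format "$tmp")" >&2
        mv "$tmp" "$key"
    else
        echo "rewritten copy failed verification; $key left untouched" >&2
        rm -f "$tmp"
        return 1
    fi
}
```

Passphrase prompts, if any, come from ssh-keygen itself; the wrapper never sees or stores them.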