[Bug 2788] New: ssh(1) man page should note id_rsa encryption now uses AES, not 3DES
bugzilla-daemon at bugzilla.mindrot.org
Wed Oct 4 23:00:16 AEDT 2017
https://bugzilla.mindrot.org/show_bug.cgi?id=2788
Bug ID: 2788
Summary: ssh(1) man page should note id_rsa encryption now uses AES, not 3DES
Product: Portable OpenSSH
Version: 7.6p1
Hardware: Other
URL: https://bugs.debian.org/614818
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: Documentation
Assignee: unassigned-bugs at mindrot.org
Reporter: cjwatson at debian.org
In https://bugs.debian.org/614818, Calum Mackay reported the following,
and I've checked that this is still the case in 7.6p1:
In the FILES section of ssh(1), it says:
~/.ssh/id_rsa
    Contains the private key for authentication. These files contain
    sensitive data and should be readable by the user but not accessible
    by others (read/write/execute). ssh will simply ignore a private key
    file if it is accessible by others. It is possible to specify a
    passphrase when generating the key which will be used to encrypt the
    sensitive part of this file using 3DES.
However, in a recent release, ssh-keygen has switched to using AES, not
3DES, to encrypt the private key. This is noted in the ssh-keygen(1) page,
in this same pkg:
~/.ssh/id_rsa
    Contains the protocol version 2 DSA, ECDSA or RSA authentication
    identity of the user. This file should not be readable by anyone
    but the user. It is possible to specify a passphrase when generating
    the key; that passphrase will be used to encrypt the private part of
    this file using 128-bit AES. [...]
This section should probably be the same across both man pages.
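One way to check which cipher actually protects a given private key file, independent of what either man page says (added example, not part of the bug report and not OpenSSH code): it reads the DEK-Info header of a legacy PEM key and the cipher-name field of an openssh-key-v1 key. The function names and the sample keys are constructed for illustration.

```python
import base64
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"

def _read_string(buf, off):
    """Read one SSH wire-format string: uint32 big-endian length, then bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:off + 4 + n]

def private_key_cipher(text):
    """Return (container, cipher); cipher is None or "none" when unencrypted."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM-armoured private key")
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(OPENSSH_MAGIC):
            raise ValueError("bad openssh-key-v1 magic")
        # First field after the magic is the cipher name, e.g. "aes256-ctr".
        return "openssh-key-v1", _read_string(blob, len(OPENSSH_MAGIC)).decode("ascii")
    # Legacy PEM: RFC 1421 style headers precede the body, ended by a blank line.
    for line in lines[1:]:
        if not line:
            break
        if line.startswith("DEK-Info:"):
            # Header form: "DEK-Info: <cipher>,<hex IV>"
            return "pem", line.split(":", 1)[1].split(",")[0].strip()
    return "pem", None

# Constructed samples: headers only, the bodies are not real key material.
SAMPLE_AES = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF

AAAA
-----END RSA PRIVATE KEY-----
"""
SAMPLE_3DES = SAMPLE_AES.replace("AES-128-CBC,00112233445566778899AABBCCDDEEFF",
                                 "DES-EDE3-CBC,0011223344556677")

if __name__ == "__main__":
    for sample in (SAMPLE_AES, SAMPLE_3DES):
        print(private_key_cipher(sample))
```

A result of DES-EDE3-CBC marks a key file written with the older 3DES default that the ssh(1) text still describes.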