[Bug 2901] New: ssh-keygen generates an invalid key sometimes
bugzilla-daemon at bugzilla.mindrot.org
Mon Aug 27 05:40:47 AEST 2018
https://bugzilla.mindrot.org/show_bug.cgi?id=2901
Bug ID: 2901
Summary: ssh-keygen generates an invalid key sometimes
Product: Portable OpenSSH
Version: 7.7p1
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: ssh-keygen
Assignee: unassigned-bugs at mindrot.org
Reporter: whissi at gentoo.org
Created attachment 3173
--> https://bugzilla.mindrot.org/attachment.cgi?id=3173&action=edit
test script to generate keys
We received the following bug report: https://bugs.gentoo.org/664384
Summary:
It looks like `ssh-keygen -t ecdsa -b 521 -f testkey` sometimes
generates an invalid key. I.e. when you try to change passphrase
of that newly generated key, `ssh-keygen -y -f testkey` will fail with
> Load key "testkey": invalid format
Please see the attached test script (it usually takes between 5-600
attempts).
In addition to Gentoo, I was able to reproduce the same problem on
Debian Stretch using openssh-portable 7.7p1 vanilla sources (I used
https://sourceforge.net/projects/hpnssh/files/OpenSSL-1.1%20Compatibility/
to be able to compile against Debian's OpenSSL 1.1.x version but this
shouldn't matter).
I tested against 7.8p1 and was so far unable to reproduce. According to
bisect, the error disappears with the switch to the "new" private key
format, i.e. commit
> commit ed7bd5d93fe14c7bd90febd29b858ea985d14d45
> Author: djm at openbsd.org <djm at openbsd.org>
> Date: Wed Aug 8 01:16:01 2018 +0000
>
> upstream: Use new private key format by default. This format is
>
> supported by OpenSSH >= 6.5 (released January 2014), so it should be supported
> by most OpenSSH versions in active use.
>
> It is possible to convert new-format private keys to the older
> format using "ssh-keygen -f /path/key -pm PEM".
>
But I guess the error is still present. I am just unable to change the test
script to produce keys in the old format.
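A generate-and-verify loop of the kind the report describes, as an added example; it is not the attached test script, which is not shown on this page. The function name `find_invalid_key`, the `KEYGEN` override and the working-directory layout are assumptions made here, and the passphrase is a parameter because the report does not say which one was used.

```shell
#!/bin/sh
# Added example: generate ECDSA-521 keys in a loop and check that each one
# can be loaded again. KEYGEN is a hypothetical override so that a specific
# build (for example a freshly compiled 7.7p1) can be tested.
KEYGEN=${KEYGEN:-ssh-keygen}

# find_invalid_key MAX_ATTEMPTS WORKDIR [PASSPHRASE]
# Returns 0 when every generated key loads.
# Returns 1 and prints the attempt number when a key fails to load.
# Returns 2 when key generation itself fails.
find_invalid_key() {
    max=$1 dir=$2 pass=${3-}
    i=1
    while [ "$i" -le "$max" ]; do
        key="$dir/testkey"
        rm -f "$key" "$key.pub"
        # Same key type and size as in the report; -q silences progress output.
        "$KEYGEN" -q -t ecdsa -b 521 -N "$pass" -f "$key" || return 2
        # Re-derive the public key from the private key file; this is the
        # command the report shows failing with "invalid format".
        # -P and </dev/null keep the check from waiting on a passphrase prompt.
        if ! "$KEYGEN" -y -P "$pass" -f "$key" \
                </dev/null >/dev/null 2>"$dir/load.err"; then
            # Keep the failing key pair and the error text for analysis.
            mv "$key" "$dir/invalid.$i"
            [ -f "$key.pub" ] && mv "$key.pub" "$dir/invalid.$i.pub"
            echo "$i"
            return 1
        fi
        i=$((i + 1))
    done
    return 0
}

# Usage: find_invalid_key 1000 "$(mktemp -d)"
```

On OpenSSH 7.8 and later, adding `-m PEM` to the generation command requests the older private key format.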