[Bug 3190] Inconsistent handling of private keys without accompanying public keys
bugzilla-daemon at mindrot.org
Fri Jul 17 18:00:02 AEST 2020
https://bugzilla.mindrot.org/show_bug.cgi?id=3190
--- Comment #6 from Jakub Jelen <jjelen at redhat.com> ---
(In reply to Damien Miller from comment #5)
> Created attachment 3428 [details]
> attempt to load public key from passphraseless private keys
>
> PEM doesn't include the public key in encrypted private keys'
> cleartext though, right?
Right.
> IMO we could load passphrase-free keys, but we should remove their
> private elements immediately after loading.
Right. That was the idea and I think the only missing bit.
But I got a bit confused since I had an old openssh installed and the
handling of the new format was already in master.
Your patch works fine after fixing two minor nits:
{
char *pubfile = NULL, *privcmt = NULL;
int r, oerrno;
- struct sshkey *privkey;
+ struct sshkey *privkey = NULL;
if (keyp != NULL)
*keyp = NULL;
*/
if ((r = sshkey_load_private(filename, "", &privkey, &privcmt))
== 0) {
if ((r = sshkey_from_private(privkey, keyp)) == 0) {
- if (commentp != NULL)
+ if (commentp != NULL) {
*commentp = privcmt;
privcmt = NULL; /* transferred */
}
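Review bot: in the success branch after `sshkey_from_private(privkey, keyp)`, nothing in the visible lines releases `privkey`, which still holds the private elements that the discussion above says should be removed immediately after loading. Check that the exit path calls `sshkey_free(privkey)` on both success and failure (the new `= NULL` initializer is what makes an unconditional free safe when `sshkey_load_private()` fails), and that it frees `privcmt` when `commentp` is NULL, since ownership is only transferred inside the newly braced block.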
The only ugly corner case is the removal of a key from ssh-agent, which
still fails with a cryptic error if the key is an encrypted PEM missing
the sidecar public key:
$ ssh-add -d /tmp/rsa
Bad key file /tmp/rsa: No such file or directory
Otherwise it looks good.