ssh-add 6.7 inserts RSA keys into the ssh-agent as "rsa w/o comment" instead of filenames
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Nov 5 01:57:05 EST 2014
Hi OpenSSH folks--

as of version 6.7 (the first version i noticed this in), it looks to me
like adding ssh keys to ssh-agent marks them all as "rsa w/o comment",
instead of putting the filename as the comment.

This appears to be because of the key function overhaul in
8668706d0f52654fe64c0ca41a96113aeab8d2b8.

ssh-add.c loads the secret keys via library-like invocations of
functions in sshkey.c, and if the comment returned is NULL, it sets the
comment to be the filename.

But in practice, these functions now return "rsa w/o comment" as the
comment, so the filename never gets applied as a comment.

Possible ways to fix:

* One fix would be to have the functions return a NULL for the comment.

* Another fix would be to have ssh-add just override the comment
  explicitly.

* A third fix would be to pass a "proposed comment" into the
  library-like call, which could be overridden by future versions if
  they're aware of a superior comment after having parsed the key.

I also note that there is no way for a user of ssh-add to explicitly set
the comment directly -- adding something like that would be a distinct
feature, i think.

Regards,

--dkg
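
Added example, not part of the original message and not OpenSSH source: a small C model of the comment fallback the message describes, showing why a NULL check in the caller stops firing once the loader returns a placeholder string, next to the "proposed comment" variant from the third suggested fix. All function names and the sample path are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Small helper: heap copy of a string (caller frees). */
static char *dup_str(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p != NULL)
        memcpy(p, s, n);
    return p;
}

/* Hypothetical stand-in for the key loader, not an OpenSSH function.
 * embedded: comment stored with the key, or NULL if it has none.
 * legacy != 0 models "no comment -> NULL";
 * legacy == 0 models the reported 6.7 behaviour (placeholder string). */
static char *model_load_comment(const char *embedded, int legacy)
{
    if (embedded != NULL)
        return dup_str(embedded);
    return legacy ? NULL : dup_str("rsa w/o comment");
}

/* Caller logic as described: the filename is used only when the loader
 * hands back NULL, so a placeholder string silently wins. */
static char *caller_null_check(const char *file, const char *embedded, int legacy)
{
    char *c = model_load_comment(embedded, legacy);
    return c != NULL ? c : dup_str(file);
}

/* Third suggested fix: the caller passes a proposed comment and the
 * loader replaces it only when the key carries a comment of its own. */
static char *model_load_proposed(const char *embedded, const char *proposed)
{
    return dup_str(embedded != NULL ? embedded : proposed);
}

int main(void)
{
    const char *f = "/home/user/.ssh/id_rsa"; /* constructed sample path */
    printf("legacy loader:    %s\n", caller_null_check(f, NULL, 1));
    printf("reported 6.7:     %s\n", caller_null_check(f, NULL, 0));
    printf("proposed comment: %s\n", model_load_proposed(NULL, f));
    return 0;
}
```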