interoperability issue with agent and ecdsa-sk keys
Matthieu Herrb
matthieu at herrb.eu
Sat Jan 11 21:47:57 AEDT 2020
Hi,
It seems that some versions of ssh-agent get confused by ECDSA-SK
keys.
From my OpenBSD-current laptop, I'm trying to do remote system
administration on a machine running Debian 8 with
the stock ssh package (OpenSSH_6.7p1 Debian-5+deb8u8, OpenSSL 1.0.2l
25 May 2017). I need access to a remote gitlab server to fetch files
with git, using an ED25519 key in my ssh-agent.
Once connected to the intermediate host, ssh-add -l doesn't see the
ED25519 key anymore. It says
ssh-add -l
2048 a0:80:0a:59:fe:5a:d9:f3:b1:e7:6c:57:32:8c:5c:e5 /home/matthieu/.ssh/id_rsa (RSA)
key_from_blob: invalid format
And my ED25519 key I use to authenticate against the gitlab server is
missing. Thus trying to connect to it fails.
If I remove the ECDSA-SK key from the agent before connecting to the
debian host, things work again.
Is this an oversight when the ECDSA-SK key type was added, or is it an
ancient bug in OpenSSH 6.7's agent implementation wrt unknown key
types that cannot be fixed? (other than by updating SSH on the debian
host)
Thanks for any help / suggestion / bug fixes...
--
Matthieu Herrb
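
An added example, not part of the original message and not OpenSSH code: a minimal parser for the agent's identities answer (message type 12 in the SSH agent protocol), contrasting a client that stops at the first key type it does not recognise with one that steps over it. That the Debian host's ssh-add stops this way is an assumption suggested by the output above; the key order, comments and dummy key bodies are constructed.

```python
import struct

SSH_AGENT_IDENTITIES_ANSWER = 12  # message type in the SSH agent protocol
# Assumption: key types a client predating the SK key types would recognise.
KNOWN_TYPES = {b"ssh-rsa", b"ssh-ed25519", b"ecdsa-sha2-nistp256"}

def put_string(data: bytes) -> bytes:
    """Encode an SSH 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def get_string(buf: bytes, off: int):
    """Decode an SSH 'string' at off; return (bytes, new offset)."""
    if len(buf) - off < 4:
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if len(buf) - off < n:
        raise ValueError("truncated string body")
    return buf[off:off + n], off + n

def list_identities(payload: bytes, skip_unknown: bool):
    """Parse an identities answer body; return [(key type, comment)].

    skip_unknown=False gives up at the first unrecognised key type, so every
    later key is lost; skip_unknown=True relies on the blob's length prefix
    to step over the unknown key and keep going."""
    if len(payload) < 5 or payload[0] != SSH_AGENT_IDENTITIES_ANSWER:
        raise ValueError("not an identities answer")
    (count,) = struct.unpack_from(">I", payload, 1)
    off, out = 5, []
    for _ in range(count):
        blob, off = get_string(payload, off)      # opaque public key blob
        comment, off = get_string(payload, off)
        ktype, _ = get_string(blob, 0)            # blob starts with type name
        if ktype not in KNOWN_TYPES:
            if skip_unknown:
                continue                          # offset is already past it
            break                                 # remaining keys never listed
        out.append((ktype.decode(), comment.decode()))
    return out

def sample_answer() -> bytes:
    """Constructed answer: RSA, ECDSA-SK, ED25519, with dummy key bodies."""
    keys = [(b"ssh-rsa", b"id_rsa"), (b"ssh-ed25519", b"id_ed25519")]
    keys.insert(1, (b"sk-ecdsa-sha2-nistp256@openssh.com", b"id_ecdsa_sk"))
    body = b"".join(put_string(put_string(t) + b"\x00" * 8) + put_string(c)
                    for t, c in keys)
    return bytes([SSH_AGENT_IDENTITIES_ANSWER]) + struct.pack(">I", len(keys)) + body
```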