[Bug 2901] ssh-keygen generates an invalid key sometimes

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Mon Aug 27 07:13:13 AEST 2018


https://bugzilla.mindrot.org/show_bug.cgi?id=2901

Alexander Sergeyev <sergeev917 at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |sergeev917 at gmail.com

--- Comment #1 from Alexander Sergeyev <sergeev917 at gmail.com> ---
I would like to make a couple of points clearer.

It seems there are two related problems. The first problem: when
provided an invalid passphrase, `ssh-keygen -p` (i.e. changing or
removing the passphrase) might log an "invalid format" error instead of
the expected "incorrect passphrase supplied to decrypt private key"
error.

The following listing demonstrates this behaviour. Use of the invalid
passphrase "x" led to an "invalid format" error. This is unlikely to be
true, since the key is successfully read with the correct passphrase (at
the end of the listing):

> $ ssh-keygen -p -P x -N '' -f testkey_rsa 0<&- 2>&1
> Failed to load key testkey_rsa: invalid format
> $ ssh-keygen -p -P wrongpassphrase -N '' -f testkey_rsa 0<&- 2>&1
> Failed to load key testkey_rsa: incorrect passphrase supplied to decrypt private key
> $ ssh-keygen -p -P 12345678 -N '' -f testkey_rsa 0<&- 2>&1
> Your identification has been saved with the new passphrase.

The second problem is the inability to read certain private keys. The
attached script loops over key generation and tries to read each
generated key. Sometimes the reading part fails with the "invalid format"
message, and that is the main problem.

It's observed that key loading fails early. The script uses `ssh-keygen
-p` with an invalid passphrase to validate the ability to load the
private key; `ssh-keygen` is expected to either fail right away or
complain about the wrong passphrase. Note that the first problem
interferes here and might cause a false positive. To that end I urge you
to go to the original bug report and use the third version of the script,
which uses `ssh-keygen -y` instead of `ssh-keygen -p` and is more
reliable for the purpose.

> It looks like that `ssh-keygen -t ecdsa -b 521 -f testkey` sometimes generates an invalid key.

I think that might not be the case. There is a difference between
openssh linked against openssl-1.0.2o and openssl-1.0.2p. The problematic
one is openssl-1.0.2p (the newer version); openssh+openssl-1.0.2p can
produce keys which are not loadable ("invalid format"). But when openssl
is afterwards downgraded to openssl-1.0.2o, the same key becomes
loadable. This contradicts the idea that the key is actually corrupted.
Therefore, I think the source of the problem should be attributed to a
regression in either openssl or the openssh integration with openssl.

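As an added example, not the script attached to the bug report and not OpenSSH project code, the following POSIX shell reproduces the probe described in the comment above: generate ecdsa-521 keys in a loop, try to load each one with `ssh-keygen -y` and a deliberately wrong passphrase, and classify ssh-keygen's stderr so an "invalid format" failure (the key could not be parsed at all) is told apart from the expected "incorrect passphrase" complaint (the key parsed but did not decrypt). It assumes `ssh-keygen` is on PATH; the passphrase `12345678`, the wrong passphrase `definitely-wrong`, the key names and the function names are constructed for this example.

```shell
#!/bin/sh
# Added example: loop-and-probe reproduction of the report above.
# Not the reporter's attached script; function names are my own.

# Classify one captured ssh-keygen stderr string.
# Prints one of: ok, wrong-passphrase, invalid-format, other.
classify_load_result() {
    case "$1" in
        "")                                echo ok ;;
        *"incorrect passphrase supplied"*) echo wrong-passphrase ;;
        *"invalid format"*)                echo invalid-format ;;
        *)                                 echo other ;;
    esac
}

# Probe a private key with `ssh-keygen -y` and a wrong passphrase.
# stdin comes from /dev/null so ssh-keygen can never block on a prompt;
# stderr is captured (2>&1 before >/dev/null) and stdout discarded.
# A parseable encrypted key yields "wrong-passphrase"; "invalid-format"
# means ssh-keygen could not even read the key file.
probe_key() {
    keyfile=$1
    err=$(ssh-keygen -y -P definitely-wrong -f "$keyfile" 2>&1 >/dev/null </dev/null)
    classify_load_result "$err"
}

# Generate N ecdsa-521 keys protected with the (constructed) passphrase
# 12345678, probe each one, report the ones that come back as
# invalid-format, and print the count of such keys.
run_loop() {
    n=${1:-50}
    dir=$(mktemp -d)
    bad=0
    i=0
    while [ "$i" -lt "$n" ]; do
        ssh-keygen -q -t ecdsa -b 521 -N 12345678 -f "$dir/k$i" </dev/null
        r=$(probe_key "$dir/k$i")
        if [ "$r" != wrong-passphrase ]; then
            echo "key $i: $r" >&2
        fi
        if [ "$r" = invalid-format ]; then
            bad=$((bad + 1))
        fi
        i=$((i + 1))
    done
    rm -rf "$dir"
    echo "$bad"
}

# Usage: sh probe-keys.sh 200   -> prints how many of 200 keys were unloadable
if [ "$#" -gt 0 ]; then
    run_loop "$1"
fi
```

Because the probe uses `-y` rather than `-p`, the first problem in the comment (a wrong passphrase sometimes reported as "invalid format" by `-p`) cannot produce a false positive here; any key that still classifies as `invalid-format` is one that ssh-keygen could not parse, which is what you want to compare across the openssl-1.0.2o and openssl-1.0.2p builds.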