1636706 – libssh 0.8.3 no longer reads PKCS8 keys

Bug 1636706 - libssh 0.8.3 no longer reads PKCS8 keys

Summary: libssh 0.8.3 no longer reads PKCS8 keys

Keywords:
Status:	CLOSED DUPLICATE of bug 1632902
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	libssh
Sub Component:
Version:	28
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	high
Target Milestone:	---
Assignee:	Andreas Schneider
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-10-07 05:44 UTC by Rick
Modified:	2019-02-07 14:40 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2019-02-07 14:40:57 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Rick 2018-10-07 05:44:22 UTC

Description of problem:

Can't load my private key any more.  `ssh-add` errors out with:

Error loading key "/home/user/.ssh/id_rsa": invalid format

Version-Release number of selected component (if applicable):

libssh: 0.8.3-2.fc28

How reproducible:

Always

Steps to Reproduce:
1. Install fedora 28 stock
2. create a random ssh keypair
3. convert private key into PKCS8 format
4. Try to load key using ssh-add

Actual results:

Error loading key (path to key): invalid format

Expected results:

Identity added: id_rsa

Additional info:

This private key is a couple years old, and worked in fedora 24 through 28 until what I presume is the newest libssh upgrade that was made a week ago.

I tested it by using `openssl pkcs8 -in id_rsa -out id_rsa.clear -traditional` and then `ssh-add` was able to load the key immediately.

I get that not many people use this key format, but it's been advised as a security precaution for years, as the default RFC format for SSH private keys can be brute-forced rather quickly despite being "encrypted."

It's also a regression, and should probably be fixed. :)

Closest bug I found was this, reported a couple months ago: https://bugzilla.redhat.com/show_bug.cgi?id=1610222

Comment 1 Rick 2018-10-07 05:53:33 UTC

Crisis averted, I used the new openssh key format (Which appears to be the default now, nice) and converted by private key: `ssh-keygen -p -f id_rsa.clear -a 500` which probably obviates the need for PKCS8 style keys based on my reading of things: https://www.tedunangst.com/flak/post/new-openssh-key-format-and-bcrypt-pbkdf

Still, this was a *very* unpleasant surprise, and AFAICT, not documented anywhere.

Also, the default number of rounds is probably too low at 16, and using something on the order of `-a 500` (or higher!) with `ssh-keygen -p` is advised.

Comment 2 Rick 2018-10-07 05:58:39 UTC

also, in "steps to reproduce", the following should be appended:

5. key works
6, `dnf update libssh`
7. try to load key using ssh-add.
8. Key fails to load.

Comment 3 Jakub Jelen 2018-10-08 10:35:29 UTC

ssh-add is not using libssh at all. This sounds like a duplicate of a bug #1632902 in OpenSSH or OpenSSL, which changed a behavior in one of the latest updates ragards the zero-length passphrases.

Comment 4 Anderson Sasaki 2019-02-07 14:40:57 UTC

Thanks for reporting this bug. As pointed in comment 3, ssh-add does not use libssh at all, so libssh can't be the culprit of the issue.
Most likely the issue is a duplicate of bug #1632902, so I'll close as duplicate.

Please reopen the bug if the problem persists even after updating openssh to the newest version.

*** This bug has been marked as a duplicate of bug 1632902 ***

Note You need to log in before you can comment on or make changes to this bug.