Description of problem: Running ssh-keygen with -m PEM does not generate a key in PEM format. Version-Release number of selected component (if applicable): openssh-8.0p1-4 How reproducible: Every time Steps to Reproduce: 1. Run ssh-keygen -t rsa -N '' -m PEM -q -f ~/.ssh/format_pem 2. Inspect the ASN.1 structure of the key Actual results: The generated key is not PEM formatted. Expected results: The generated key to be PEM formatted Additional info: Here are some example keys generated on different versions of Fedora and openssh. https://gist.github.com/samdoran/0386c19d50aab9886d72f7844fce2494
It is not the "traditional" legacy PEM format (requiring the use of MD5 and other ancient stuff), but the standard PKCS #8 PEM format. This is not a bug, but feature.
But then this change broke paramiko, which does not support yet the new format: https://github.com/paramiko/paramiko/issues/602 https://github.com/paramiko/paramiko/blob/master/paramiko/pkey.py#L285 I know that it is annoying and newer security standard are better, but can you please reconsider this decision?
The upstream modified my proposed patch to support both formats [1], which is probably even better. I will change this to match upstream behavior: https://bugzilla.mindrot.org/show_bug.cgi?id=3013 I am sorry for an inconvenience.
FEDORA-2019-d3dfcbf0f0 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-d3dfcbf0f0
openssh-8.0p1-5.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-d3dfcbf0f0
openssh-8.0p1-5.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.