OpenSSH PKCS12-based public keys are invalid for LP

Bug #1074665 reported by Leonardo Silva Amaral
This bug affects 1 person
Affects: Launchpad itself
Status: Incomplete
Importance: Undecided
Assigned to: Unassigned

Bug Description

This key is considered invalid for Launchpad:

leonardo@betty:/media/leonardo/LELEO/Chaves/SSH/Pessoal_CACert$ openssl pkcs12 -in /media/leonardo/LELEO/Chaves/Leonardo\ Silva\ Amaral.p12 -out id_rsa
Enter Import Password:
MAC verified OK
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
leonardo@betty:/media/leonardo/LELEO/Chaves/SSH/Pessoal_CACert$ ssh-keygen -y
Enter file in which the key is (/home/leonardo/.ssh/id_rsa): ./id_rsa
Enter passphrase:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDzXnxn8fKAJr34tEBvt1sf7dag7+G0y2QXmyXjV/r4sW1hweYlMhylDKQaHXjiJWE+gqKRyarFGqEDYfcdFBUGjskxkE5VoFIljqz5eTaer/w1jytPTRvRE1It9kAyzltFzHWQnrO69UBmXIW71ibimLxm65mwhvC1KlliuxG4mA25pzwEiQC9I2uuFNy+8m47iZkOJ3wvXGq0XvZACpf6AzO2iZchpQyZVlaeWBN44TOKeO2RaCtlcj/WimxxQdzjiNP/IOvp7rnTngk64OOovOoxvPwu/mjU2INEfP6ah9kMKhHi6c/8S6xB48eyGqxOervXCSq952b/q4fiz395

This procedure is documented at http://wiki.cacert.org/Technology/KnowledgeBase/ClientCerts#OpenSSH

William Grant (wgrant) wrote :

SSH public keys usually have a comment field at the end, but it seems that ssh-keygen -y omits it. Try adding a space and then some key text after the key data.

no longer affects: lp-dev-utils
Changed in launchpad:
status: New → Incomplete
Leonardo Silva Amaral (leleobhz) wrote :

William, it really worked after a comment, but I'm wondering whether the comment field isn't fully optional. RFC 4716 refers to it as SHOULD, but ssh-keygen [1] just returns NULL for the comment if it isn't present on the command line.

[1]: http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh-keygen.c?rev=1.218;content-type=text%2Fx-cvsweb-markup

William Grant (wgrant) wrote :

RFC4716 specifies a different encoding; we use the traditional and almost universal OpenSSH authorized_keys format, in which the comment is a mandatory field. From the authorized_keys section of the OpenSSH manpage:

  Protocol 2 public key consist of: options, keytype, base64-encoded
  key, comment. The options field is optional; its presence is
  determined by whether the line starts with a number or not (the
  options field never starts with a number).

Despite the field being mandatory, OpenSSH seems to function without a comment. But it's rather uncommon and not something that Launchpad supports today.
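
The format discussed in the replies above, as an added example that is not part of the original thread and is not Launchpad's code: a validator that accepts a public key line with or without the trailing comment and instead checks that the key type repeated inside the base64 blob matches the declared one. The function names and the sample key are constructed for illustration.

```python
import base64
import struct


def _read_string(blob, offset):
    """Read one length-prefixed SSH wire string; return (value, next_offset)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def parse_public_key(line):
    """Parse 'keytype base64 [comment]' into (keytype, blob, comment).

    The comment may be absent (None), which is what `ssh-keygen -y` prints.
    """
    fields = line.strip().split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected a key type followed by key data")
    keytype, b64 = fields[0], fields[1]
    comment = fields[2] if len(fields) == 3 else None
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key data is not valid base64") from exc
    # The blob repeats the key type as its first string; a mismatch means the
    # line is mangled or the fields are out of order.
    embedded, _ = _read_string(blob, 0)
    if embedded != keytype.encode("ascii", "replace"):
        raise ValueError("key type does not match key data")
    return keytype, blob, comment


def _wire(value):
    """Encode bytes as an SSH wire string (4-byte big-endian length + data)."""
    return struct.pack(">I", len(value)) + value


# Constructed sample, not a real key: ssh-rsa blob, e=65537, dummy 2048-bit n.
SAMPLE_BLOB = _wire(b"ssh-rsa") + _wire(b"\x01\x00\x01") + _wire(b"\x00" + b"\xc3" * 256)
SAMPLE_B64 = base64.b64encode(SAMPLE_BLOB).decode("ascii")

if __name__ == "__main__":
    for line in (f"ssh-rsa {SAMPLE_B64}", f"ssh-rsa {SAMPLE_B64} leonardo@betty"):
        print(parse_public_key(line)[2])
```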
