Ubuntu unable to handle ssh keys with PBKDF
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| GNOME Keyring |
Fix Released
|
Medium
|
|||
| gnome-keyring (Ubuntu) |
Triaged
|
Low
|
Unassigned | ||
Bug Description
Today I wanted to upgrade the security of my SSH keys to use PBKDF. After struggling with ssh-agent I realised that either Gnome Keyring was unable to handle the new ssh key or it was a problem with ssh-agent.
After troubleshooting historic bugs with ssh-agent I was unable to make it work. It always returned the error "Agent admitted failure to sign using the key on big endian machines"
The problem seems to be that Gnome Keyring is unable to handle the complex newly encoded passphrase.
Steps to reproduce:
1. Create a SSH key with PBKDF
ssh-keygen -b 4096 -o -a 500
2. Either overwrite or create new keys with default identity id_rsa
3. Protect it with a strong password (256-But Hex Key)
4. Delete previous keys stored by ssh-agent
ssh-add -D (for manual entries)
ssh-add -d (for automatic entries)
5. Reset ssh-agent to be extra confident that ssh-agent is not storing anything in memory
killall ssh-agent; eval `ssh-agent`
6. Add the new key
ssh-add
7. You may get an error when trying to use keys to ssh a server saying "Agent admitted failure to sign using the key on big endian machines"
Disabling ssh-agent means that I'm able to input password in console and use my private key. I can then log in to my server OK. So I don't think there are problems with the generation of keys either
About my machine:
Ubuntu 15.04
| Ubuntu Foundations Team Bug Bot (crichton) wrote | #1 |
| tags: | added: bot-comment |
| affects: | ubuntu → gnome-keyring (Ubuntu) |
| Sebastien Bacher (seb128) wrote | #2 |
| Changed in gnome-keyring (Ubuntu): | |
| importance: | Undecided → Low |
| description: | updated |
| cortocopy (cortocopy) wrote Re: [Bug 1464296] Re: Ubuntu unable to handle ssh keys with PBKDF | #3 |
| Sebastien Bacher (seb128) wrote | #4 |
| Changed in gnome-keyring (Ubuntu): | |
| status: | New → Triaged |
| Changed in gnome-keyring: | |
| importance: | Unknown → Medium |
| status: | Unknown → Confirmed |
| Changed in gnome-keyring: | |
| status: | Confirmed → Fix Released |
Thank you for taking the time to report this bug and helping to make Ubuntu better. It seems that your bug report is not filed about a specific source package though, rather it is just filed against Ubuntu in general. It is important that bug reports be filed about source packages so that people interested in the package can find the bugs about it. You can find some hints about determining what package your bug might be about at https:/
To change the source package that this bug is filed about visit https:/
[This is an automated message. I apologize if it reached you inappropriately; please just reply to this message indicating so.]