Output when changing comment is weird and badly documented

Bug #1615305 reported by Karol Babioch on 2016-08-21
This bug affects 1 person
Affects: openssh (Ubuntu)

Bug Description

Changing a key comment within a private key might not be something you do on a daily basis, but it is mostly a frustrating task, since the documentation is incomplete and wrong. In particular the man page says:

       -c Requests changing the comment in the private and public key files. This operation is only supported for RSA1 keys and keys stored in the newer OpenSSH
              format. The program will prompt for the file containing the private keys, for the passphrase if the key has one, and for the new comment.

So, one gets the impression that this is not applicable to newer keys. However bug #811125 dealt with this, and there was a commit (see [1]) that added support for basically all key types. In the case of RSA keys one has to use the new key format though (-o), which can only be found out with trial and error and is not documented at all.

Furthermore the output of an actual ssh-keygen run is also confusing:

[kbabioch@antares .ssh]$ ssh-keygen -c -C "new comment" -f id_rsa -o
Enter passphrase:
Key now has comment '(null)'
The comment in your key file has been changed.

The output tells me that the key is now empty (null). However the comment is correctly set, so while this works as intended, it is confusing to the user.

[1] https://github.com/openssh/openssh-portable/commit/4d90625b229cf6b3551d81550a9861897509a65f#diff-8a50ef3f3b9ea11be3c3b2fc1c0555b3

Nish Aravamudan (nacc) wrote :

Hello Karol,

Thank you for reporting this issue.

What led you to the "impression that this is not applicable to newer keys"? The manpage specifically says, as you quoted "This operation is only supported for RSA1 keys and keys stored in the newer OpenSSH format." And this, in turn, specifically documents that you need to use the "newer OpenSSH format" for any non-RSA1 key (afaict). And searching the `man ssh-keygen` page, one gets:

"For RSA1 keys and keys stored in the newer OpenSSH format, there is also
     a comment field in the key file that is only for convenience to the user
     to help identify the key. The comment can tell what the key is for, or
     whatever is useful. The comment is initialized to “user@host” when the
     key is created, but can be changed using the -c option."

I agree that the comment being reported as '(null)' is probably a real bug, but it most likely should be filed upstream if it is reproducible with the latest versions.

In which bug tracker is 811125 that you referred to? It is not an Ubuntu bug, afaict.


Changed in openssh (Ubuntu):
status: New → Incomplete
Launchpad Janitor (janitor) wrote :

[Expired for openssh (Ubuntu) because there has been no activity for 60 days.]

Changed in openssh (Ubuntu):
status: Incomplete → Expired
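
Added example, not part of the original report or of OpenSSH: since the thread turns on where the comment is stored and on the misleading '(null)' message, this Python sketch reads the comment field directly out of a key in the newer OpenSSH format (field order as in OpenSSH's PROTOCOL.key), so the result of `ssh-keygen -c` can be checked independently of what the tool prints. The names `read_comment` and `build_sample` are hypothetical, only the ed25519 field layout is walked, and the sample key is constructed from zero bytes rather than real key material.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\0"

def _string(buf, off):
    """Read one SSH wire string (uint32 length + bytes); return (value, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:off + 4 + n], off + 4 + n

def read_comment(pem_text):
    """Comment of an unencrypted new-format ed25519 key; None if the key is encrypted."""
    lines = pem_text.strip().splitlines()
    blob = base64.b64decode("".join(l for l in lines if not l.startswith("-----")))
    if not blob.startswith(MAGIC):
        raise ValueError("not in the newer OpenSSH format")  # e.g. an old PEM RSA key
    cipher, off = _string(blob, len(MAGIC))
    _kdfname, off = _string(blob, off)
    _kdfopts, off = _string(blob, off)
    off += 4                                   # uint32 number of keys
    _public, off = _string(blob, off)
    priv, _ = _string(blob, off)
    if cipher != b"none":
        return None                            # comment sits inside the encrypted section
    check1, check2 = struct.unpack_from(">II", priv, 0)
    if check1 != check2:
        raise ValueError("check integers differ")
    keytype, p = _string(priv, 8)
    if keytype != b"ssh-ed25519":
        raise ValueError("this sketch only walks the ed25519 fields")
    _pk, p = _string(priv, p)
    _sk, p = _string(priv, p)
    comment, _ = _string(priv, p)
    return comment.decode()

def build_sample(comment, cipher=b"none"):
    """Constructed input: correct layout, zero bytes in place of key material."""
    s = lambda b: struct.pack(">I", len(b)) + b
    pub = s(b"ssh-ed25519") + s(bytes(32))
    priv = struct.pack(">II", 7, 7) + s(b"ssh-ed25519") + s(bytes(32)) + s(bytes(64))
    priv += s(comment.encode())
    priv += bytes(range(1, 9 - len(priv) % 8)) if len(priv) % 8 else b""  # 1,2,3.. padding
    blob = MAGIC + s(cipher) + s(b"none") + s(b"") + struct.pack(">I", 1) + s(pub) + s(priv)
    b64 = base64.b64encode(blob).decode()
    return "-----BEGIN OPENSSH PRIVATE KEY-----\n" + b64 + "\n-----END OPENSSH PRIVATE KEY-----\n"
```

For a passphrase-protected key the function returns None, because the comment is stored in the encrypted private section and cannot be read without decrypting it.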