Re: OpenSSH private key format errors with LibreSSL 2.7

On 2018-04-07 9:04, Joel Sing wrote:
> On Friday 06 April 2018 21:31:01 Bernard Spil wrote:
>> Hi,
>>
>> When using OpenSSH with LibreSSL 2.7.x it cannot read existing RSA and
>> ECDSA private keys.
>>
>>      Error loading key "./id_rsa": invalid format
>>
>> Rebuilding OpenSSH with LibreSSL 2.6.x fixes the issue. I had fixed this
>> issue early on with LibreSSL 2.7 by converting the key to "new file
>> format" (to verify the ecdsa key wasn't corrupted I loaded it in
>>
>> Fail:
>> -----BEGIN EC PRIVATE KEY-----
>> Proc-Type: 4,ENCRYPTED
>> DEK-Info: AES-128-CBC,<snip>
>>
>> -----BEGIN RSA PRIVATE KEY-----
>> Proc-Type: 4,ENCRYPTED
>> DEK-Info: AES-128-CBC,<snip>
>>
>> Success (both keys after converting):
>> -----BEGIN OPENSSH PRIVATE KEY-----
>>
>> I've been digging through ssh-keygen to find a way to convert them but
>> have yet to find the right knobs. -e only exports public keys.
>>
>> Currently running `make test` on OpenSSH 7.7 with LibreSSL 2.7.2.
>>
>> Any hints?
>
> What does the following say, when compiled with 2.7.2:
>
> $ openssl version
> $ openssl rsa -in ~/.ssh/id_rsa -noout ; echo $?
> $ ssh -V

Meanwhile I've figured out that I can prevent issues if I convert the private key file to new format with
   ssh-keygen -po -f keyfile
I had saved my old key as id_rsa-oldformat

$ openssl version
LibreSSL 2.7.2
$ openssl rsa -in ~/.ssh/id_rsa-oldformat -noout
Enter pass phrase for /home/bernard/.ssh/id_rsa-oldformat:
$ echo $?
0
$ ssh -V
OpenSSH_7.2p2, LibreSSL 2.7.1
$ /usr/local/bin/ssh -V
OpenSSH_7.6p1, LibreSSL 2.7.1

I see that I need to recompile ssh with 2.7.2; the libraries they use are 2.7.2, not 2.7.1.

Cheers, Bernard.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
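
Added example (not part of the original thread or of OpenSSH): a POSIX shell check that classifies private key files by the header lines quoted in the thread and lists the ones still in the legacy PEM format, together with the `ssh-keygen -po -f` conversion reported above. The function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Classify a private key file by its first two lines only (no key material is parsed).
classify_key() {
    first=$(sed -n '1p' "$1" 2>/dev/null | tr -d '\r')    # tolerate CRLF line endings
    second=$(sed -n '2p' "$1" 2>/dev/null | tr -d '\r')
    case "$first" in
        "-----BEGIN OPENSSH PRIVATE KEY-----")
            echo "openssh-new" ;;
        "-----BEGIN RSA PRIVATE KEY-----"|"-----BEGIN EC PRIVATE KEY-----")
            # Legacy PEM: an encrypted key carries the Proc-Type header from the thread.
            case "$second" in
                "Proc-Type: 4,ENCRYPTED") echo "pem-legacy-encrypted" ;;
                *) echo "pem-legacy-plain" ;;
            esac ;;
        *)
            echo "other" ;;
    esac
}

# Print one line per legacy-format key found directly in directory $1,
# with the conversion command reported in the thread.
list_legacy_keys() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        case "$f" in *.pub) continue ;; esac
        fmt=$(classify_key "$f")
        case "$fmt" in
            pem-legacy-*) printf '%s: %s -> ssh-keygen -po -f %s\n' "$f" "$fmt" "$f" ;;
        esac
    done
}

# Constructed sample files: headers as quoted in the thread, bodies are placeholders.
make_samples() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-128-CBC,PLACEHOLDER' > "$d/id_rsa"
    printf '%s\r\n' '-----BEGIN EC PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' > "$d/id_ecdsa"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' > "$d/id_ed25519"
    printf '%s\n' 'ssh-rsa PLACEHOLDER' > "$d/id_rsa.pub"
    echo "$d"
}

# Audit the directory given as $1, or the constructed samples when run without arguments.
list_legacy_keys "${1:-$(make_samples)}"
```

`ssh-keygen -p` rewrites the key file in place, so keep a copy of the old key before converting, as the poster did with `id_rsa-oldformat`.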


