On 2018-04-07 11:24, Bernard Spil wrote:
On 2018-04-07 9:04, Joel Sing wrote:
On Friday 06 April 2018 21:31:01 Bernard Spil wrote:
Hi,
When using OpenSSH with LibreSSL 2.7.x it cannot read existing RSA and ECDSA private keys.
Error loading key "./id_rsa": invalid format
Rebuilding OpenSSH with LibreSSL 2.6.x fixes the issue. I had fixed this issue early on with LibreSSL 2.7 by converting the key to "new file format" (to verify the ecdsa key wasn't corrupted I loaded it in
Fail:
-----BEGIN EC PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,<snip>
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,<snip>
Success (both keys after converting):
-----BEGIN OPENSSH PRIVATE KEY-----
I've been digging through ssh-keygen to find a way to convert them but have yet to find the right knobs. -e only exports public keys.
Currently running `make test` on OpenSSH 7.7 with LibreSSL 2.7.2.
Any hints?
What does the following say, when compiled with 2.7.2:
$ openssl version
$ openssl rsa -in ~/.ssh/id_rsa -noout ; echo $?
$ ssh -V
Meanwhile I've figured out that I can prevent issues if I convert the
private key file to new format with
ssh-keygen -po -f keyfile
I had saved my old key as id_rsa-oldformat
$ openssl version
LibreSSL 2.7.2
$ openssl rsa -in ~/.ssh/id_rsa-oldformat -noout
Enter pass phrase for /home/bernard/.ssh/id_rsa-oldformat:
$ echo $?
0
$ ssh -V
OpenSSH_7.2p2, LibreSSL 2.7.1
$ /usr/local/bin/ssh -V
OpenSSH_7.6p1, LibreSSL 2.7.1
I see that I need to recompile ssh with 2.7.2, the libraries they use
are 2.7.2 not 2.7.1.
Cheers, Bernard.
To rule out issues with OpenSSH in base or ports on FreeBSD, I've now
built a vanilla OpenSSH 7.7p1 linked against LibreSSL. No change.
$ ./configure --prefix=$HOME/openssh
$ make
$ make install
$ cd ~/openssh/bin
$ ./ssh -V
OpenSSH_7.7p1, LibreSSL 2.7.2
$ ldd ./ssh
./ssh:
libcrypto.so.43 => /lib/libcrypto.so.43 (0x8008c3000)
libutil.so.9 => /lib/libutil.so.9 (0x800cab000)
libz.so.6 => /lib/libz.so.6 (0x800ebf000)
libcrypt.so.5 => /lib/libcrypt.so.5 (0x8010d8000)
libc.so.7 => /lib/libc.so.7 (0x8012f7000)
$ ./ssh-add ~/.ssh/id_rsa-oldformat
Error loading key "/home/bernard/.ssh/id_rsa-oldformat": invalid format
Cheers, Bernard.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
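The thread distinguishes legacy PEM private keys (BEGIN RSA/EC PRIVATE KEY, optionally with Proc-Type/DEK-Info headers) from the new OPENSSH format. The following is an added example, not part of the original thread or of OpenSSH: a small shell check that reports which key files in a directory are still in the legacy format and would need the `ssh-keygen -po -f keyfile` conversion mentioned above. The function names and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# classify_key FILE
# Prints "new", "legacy <KIND> plain", "legacy <KIND> encrypted:<CIPHER>" or "unknown".
classify_key() {
    first=$(sed -n '1p' "$1" 2>/dev/null | tr -d '\r')
    case $first in
        "-----BEGIN OPENSSH PRIVATE KEY-----")
            echo "new" ;;
        "-----BEGIN RSA PRIVATE KEY-----"|"-----BEGIN EC PRIVATE KEY-----"|"-----BEGIN DSA PRIVATE KEY-----")
            kind=$(printf '%s\n' "$first" | sed 's/^-----BEGIN \(.*\) PRIVATE KEY-----$/\1/')
            # Encrypted legacy PEM carries Proc-Type and DEK-Info headers after the BEGIN line.
            if sed -n '2,3p' "$1" | tr -d '\r' | grep -q '^Proc-Type: 4,ENCRYPTED$'; then
                cipher=$(sed -n '2,4p' "$1" | tr -d '\r' | sed -n 's/^DEK-Info: \([^,]*\),.*/\1/p')
                echo "legacy $kind encrypted:${cipher:-unknown}"
            else
                echo "legacy $kind plain"
            fi ;;
        *)
            echo "unknown" ;;
    esac
}

# scan_keys DIR
# Lists only the files that are still legacy PEM, with the conversion command from the thread.
scan_keys() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        r=$(classify_key "$f")
        case $r in
            legacy*) printf '%s: %s (convert: ssh-keygen -po -f %s)\n' "$f" "$r" "$f" ;;
        esac
    done
}

# demo: constructed sample files holding headers only (no key material),
# mirroring the headers quoted in the thread.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-128-CBC,00' > "$d/id_rsa"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' > "$d/id_ecdsa"
    scan_keys "$d"
    rm -rf "$d"
}
```

Run `scan_keys ~/.ssh` before switching crypto library versions; the check reads only header lines and never decrypts or modifies a key.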