Debian Bug report logs -
#614818
openssh-client: ssh(1) man page should note id_rsa encryption now uses AES, not 3DES
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#614818; Package openssh-client.
(Wed, 23 Feb 2011 16:15:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Calum Mackay <calum.mackay@cdmnet.org>:
New Bug report received and forwarded. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>.
(Wed, 23 Feb 2011 16:15:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: openssh-client
Version: 1:5.8p1-2
Severity: normal
In the FILES section of ssh(1), it says:
~/.ssh/id_rsa
Contains the private key for authentication. These files contain
sensitive data and should be readable by the user but not acces‐
sible by others (read/write/execute). ssh will simply ignore a
private key file if it is accessible by others. It is possible
to specify a passphrase when generating the key which will be
used to encrypt the sensitive part of this file using 3DES.
However, in a recent release, ssh-keygen has switched to using AES, not
3DES, to encrpyt the private key. This is noted in the ssh-keygen(1) page,
in this same pkg:
~/.ssh/id_rsa
Contains the protocol version 2 DSA, ECDSA or RSA authentication
identity of the user. This file should not be readable by anyone
but the user. It is possible to specify a passphrase when gener‐
ating the key; that passphrase will be used to encrypt the pri‐
vate part of this file using 128-bit AES. [...]
This section should probably be the same across both man pages.
thanks much
calum.
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.35.7 (PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages openssh-client depends on:
ii adduser 3.112+nmu2 add and remove users and groups
ii debconf [debconf-2.0 1.5.38 Debian configuration management sy
ii dpkg 1.15.8.10 Debian package management system
ii libc6 2.11.2-11 Embedded GNU C Library: Shared lib
ii libedit2 2.11-20080614-2 BSD editline and history libraries
ii libgssapi-krb5-2 1.8.1+dfsg-5 MIT Kerberos runtime libraries - k
ii libselinux1 2.0.96-1 SELinux runtime shared libraries
ii libssl0.9.8 0.9.8o-4 SSL shared libraries
ii passwd 1:4.1.4.2+svn3283-2 change and administer password and
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
Versions of packages openssh-client recommends:
ii openssh-blacklist 0.4.1 list of default blacklisted OpenSS
ii openssh-blacklist-extra 0.4.1 list of non-default blacklisted Op
ii xauth 1:1.0.5-1 X authentication utility
Versions of packages openssh-client suggests:
ii gtk-led-askpass [ssh-askpass 0.11-1 GTK+ password dialog suitable for
ii keychain 2.6.8-2 key manager for OpenSSH
pn libpam-ssh <none> (no description available)
ii ssh-askpass 1:1.2.4.1-9 under X, asks user for a passphras
-- debconf-show failed
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#614818; Package openssh-client.
(Wed, 04 Oct 2017 12:06:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Colin Watson <cjwatson@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>.
(Wed, 04 Oct 2017 12:06:03 GMT) (full text, mbox, link).
Message #10 received at 614818@bugs.debian.org (full text, mbox, reply):
Control: forwarded -1 https://bugzilla.mindrot.org/show_bug.cgi?id=2788
On Tue, Feb 22, 2011 at 11:10:40PM +0000, Calum Mackay wrote:
> In the FILES section of ssh(1), it says:
[...]
> However, in a recent release, ssh-keygen has switched to using AES, not
> 3DES, to encrpyt the private key.
Thanks. I've belatedly confirmed that this is still the case in 7.6p1,
and forwarded your bug upstream as
https://bugzilla.mindrot.org/show_bug.cgi?id=2788.
--
Colin Watson [cjwatson@debian.org]
Added tag(s) fixed-upstream.
Request was from bts-link-upstream@lists.alioth.debian.org
to control@bugs.debian.org.
(Mon, 06 Nov 2017 17:36:16 GMT) (full text, mbox, link).
Reply sent
to Colin Watson <cjwatson@debian.org>:
You have taken responsibility.
(Sat, 07 Apr 2018 10:15:06 GMT) (full text, mbox, link).
Notification sent
to Calum Mackay <calum.mackay@cdmnet.org>:
Bug acknowledged by developer.
(Sat, 07 Apr 2018 10:15:06 GMT) (full text, mbox, link).
Message #19 received at 614818-done@bugs.debian.org (full text, mbox, reply):
Source: openssh
Source-Version: 1:7.7p1-1
On Wed, Oct 04, 2017 at 01:02:30PM +0100, Colin Watson wrote:
> Thanks. I've belatedly confirmed that this is still the case in 7.6p1,
> and forwarded your bug upstream as
> https://bugzilla.mindrot.org/show_bug.cgi?id=2788.
Fixed in OpenSSH 7.7p1.
--
Colin Watson [cjwatson@debian.org]
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Wed, 16 May 2018 07:26:55 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Sat Mar 25 18:46:37 2023;
Machine Name:
bembo
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.