Debian Bug report logs -
#888205
openssh-client: ssh-keygen -t rsa1 fails very late
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#888205; Package openssh-client.
(Tue, 23 Jan 2018 21:57:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Ian Jackson <ijackson@chiark.greenend.org.uk>:
New Bug report received and forwarded. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>.
(Tue, 23 Jan 2018 21:57:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: openssh-client
Version: 1:7.4p1-10+deb9u2
Severity: normal
$ ssh-keygen -t rsa1 -b 2048 -f t
Generating public/private rsa1 key pair.
t already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Saving key "t" failed: unknown or unsupported key type
$
I guess this is a consequence of dropping SSH v1 protocol support.
This is inconvenient for me as I have a program which uses RSA, relies
on an external key generator, and understands the ssh v1 key format.
So ideally I would like this facility to be restored.
Failing that, I would like ssh-keygen to say "never heard of that key
type" rather than going ahead and generating a perfectly good RSA key
before failing to marshal it up into a key file.
Thanks,
Ian.
-- System Information:
Debian Release: 9.3
APT prefers stable-debug
APT policy: (500, 'stable-debug'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.9.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages openssh-client depends on:
ii adduser 3.115
ii dpkg 1.18.24
ii libc6 2.24-11+deb9u1
ii libedit2 3.1-20160903-3
ii libgssapi-krb5-2 1.15-1+deb9u1
ii libselinux1 2.6-3+b3
ii libssl1.0.2 1.0.2l-2+deb9u2
ii passwd 1:4.4-4.1
ii zlib1g 1:1.2.8.dfsg-5
Versions of packages openssh-client recommends:
ii xauth 1:1.0.9-1+b2
Versions of packages openssh-client suggests:
pn keychain <none>
pn libpam-ssh <none>
pn monkeysphere <none>
pn ssh-askpass <none>
-- no debconf information
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#888205; Package openssh-client.
(Tue, 23 Jan 2018 22:45:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Colin Watson <cjwatson@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>.
(Tue, 23 Jan 2018 22:45:05 GMT) (full text, mbox, link).
Message #10 received at 888205@bugs.debian.org (full text, mbox, reply):
On Tue, Jan 23, 2018 at 09:52:42PM +0000, Ian Jackson wrote:
> $ ssh-keygen -t rsa1 -b 2048 -f t
> Generating public/private rsa1 key pair.
> t already exists.
> Overwrite (y/n)? y
> Enter passphrase (empty for no passphrase):
> Enter same passphrase again:
> Saving key "t" failed: unknown or unsupported key type
> $
>
> I guess this is a consequence of dropping SSH v1 protocol support.
>
> This is inconvenient for me as I have a program which uses RSA, relies
> on an external key generator, and understands the ssh v1 key format.
> So ideally I would like this facility to be restored.
You'll need to install openssh-client-ssh1 and use ssh-keygen1, which
I've preserved for this kind of purpose. I'm afraid that the
probability of this facility being reintroduced in modern OpenSSH
approaches zero.
> Failing that, I would like ssh-keygen to say "never heard of that key
> type" rather than going ahead and generating a perfectly good RSA key
> before failing to marshal it up into a key file.
I agree that this would be a good idea. If you have time then it would
speed things up if you could file this upstream at bugzilla.mindrot.org.
--
Colin Watson [cjwatson@debian.org]
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>:
Bug#888205; Package openssh-client.
(Wed, 24 Jan 2018 11:51:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Ian Jackson <ijackson@chiark.greenend.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>.
(Wed, 24 Jan 2018 11:51:02 GMT) (full text, mbox, link).
Message #15 received at 888205@bugs.debian.org (full text, mbox, reply):
Control: forwarded -1 https://bugzilla.mindrot.org/show_bug.cgi?id=2825
Colin Watson writes ("Re: Bug#888205: openssh-client: ssh-keygen -t rsa1 fails very late"):
> You'll need to install openssh-client-ssh1 and use ssh-keygen1, which
> I've preserved for this kind of purpose.
Oh! I was unaware of this. Thanks.
> On Tue, Jan 23, 2018 at 09:52:42PM +0000, Ian Jackson wrote:
> > Failing that, I would like ssh-keygen to say "never heard of that key
> > type" rather than going ahead and generating a perfectly good RSA key
> > before failing to marshal it up into a key file.
>
> I agree that this would be a good idea. If you have time then it would
> speed things up if you could file this upstream at bugzilla.mindrot.org.
Done.
Thanks,
Ian.
Added tag(s) fixed-upstream.
Request was from bts-link-upstream@lists.alioth.debian.org
to control@bugs.debian.org.
(Mon, 12 Feb 2018 17:37:14 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Sat Mar 25 18:52:48 2023;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.