My RSA private key stashed in a file that says SSH PRIVATE KEY FILE FORMAT 1.1 has functioned forever.
In fedora23, however the ssh-add command does this:
tomh> ssh-add /home/tweety/.ssh/identity Enter passphrase for /home/tweety/.ssh/identity: Bad passphrase, try again for /home/tweety/.ssh/identity:
(I couldn't possibly have typo'ed the passphrase as many times as I've tried :-).
If I use the identical private key file in fedora22, ssh-add works fine.
Is there is bug in some crypto library or something?
On 01/08/2016 03:35 PM, Tom Horsley wrote:
My RSA private key stashed in a file that says SSH PRIVATE KEY FILE FORMAT 1.1 has functioned forever.
I don't recall seeing any changelog entry for it, but:
$ ssh-keygen -t rsa1 -f keytmp Generating public/private rsa1 key pair. Enter passphrase (empty for no passphrase): Enter same passphrase again: Saving key "keytmp" failed: unknown or unsupported key type
It looks like support for protocol 1 (and, hence, rsa1 keys) has been disabled in openssh 7. You can get some client support with the openssh-clients-ssh1.x86_64 package, but that doesn't include agent support.
Problem cause and work around in this bug.
On Fri, 8 Jan 2016 21:23:58 -0700 Chris Murphy wrote:
Problem cause and work around in this bug.
Good info - thanks!
But I have to wonder - how the heck do I ssh to old machines that only support ssh1 and are setup for public key login only? :-).
On Fri, 8 Jan 2016 23:32:35 -0500 Tom Horsley horsley1953@gmail.com wrote:
On Fri, 8 Jan 2016 21:23:58 -0700 Chris Murphy wrote:
Problem cause and work around in this bug.
Good info - thanks!
But I have to wonder - how the heck do I ssh to old machines that only support ssh1 and are setup for public key login only? :-).
dnf install openssh-clients-ssh1
and then use 'ssh1 -i /path/to/identity'
but I guess that won't work with your agent...
kevin
-
Chris Murphy -
Gordon Messmer -
Kevin Fenzi -
Tom Horsley