desktop-packages team mailing list archive

Thread
Date

[Bug 1464296] [NEW] Ubuntu unable to handle ssh keys with PBKDF

To: desktop-packages@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1464296@xxxxxxxxxxxxxxxxxx>
Date: Thu, 11 Jun 2015 16:48:57 -0000
Reply-to: Bug 1464296 <1464296@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

You have been subscribed to a public bug:

Today I wanted to upgrade the security of my SSH keys to use PBKDF.
After struggling with ssh-agent I realised that either Gnome Keyring was
unable to handle the new ssh key or it was a problem with ssh-agent.

After troubleshooting historic bugs with ssh-agent I was unable to make
it work. It always returned the error "Agent admitted failure to sign
using the key on big endian machines"

The problem seems to be that Gnome Keyring is unable to handle the
complex newly encoded passphrase.

Steps to reproduce:

1. Create a SSH key with PBKDF

ssh-keygen -b 4096 -o -a 500

2. Either overwrite or create new keys with default identity id_rsa
3. Protect it with a strong password (256-But Hex Key)
4. Delete previous keys stored by ssh-agent

ssh-add -D (for manual entries)
ssh-add -d (for automatic entries)

5. Reset ssh-agent to be extra confident that ssh-agent is not storing
anything in memory

killall ssh-agent; eval `ssh-agent`

6. Add the new key

ssh-add

7. You may get an error when trying to use keys to ssh a server saying "Agent admitted failure to sign using the key on big endian machines"

About my machine:
Ubuntu 15.04

** Affects: gnome-keyring (Ubuntu)
Importance: Undecided
Status: New

** Tags: bot-comment
--
Ubuntu unable to handle ssh keys with PBKDF
https://bugs.launchpad.net/bugs/1464296
You received this bug notification because you are a member of Desktop Packages, which is subscribed to gnome-keyring in Ubuntu.