desktop-packages team mailing list archive

Thread
Date

[Bug 1464296] Re: Ubuntu unable to handle ssh keys with PBKDF

To: desktop-packages@xxxxxxxxxxxxxxxxxxx
From: Sebastien Bacher <seb128@xxxxxxxxxx>
Date: Thu, 11 Jun 2015 16:50:10 -0000
Reply-to: Bug 1464296 <1464296@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Thank you for taking the time to report this bug and helping to make
Ubuntu better. The issue you are reporting is an upstream one and it
would be nice if somebody having it could send the bug to the developers
of the software by following the instructions at
https://wiki.ubuntu.com/Bugs/Upstream/GNOME. If you have done so, please
tell us the number of the upstream bug (or the link), so we can add a
bugwatch that will inform us about its status. Thanks in advance.

** Changed in: gnome-keyring (Ubuntu)
   Importance: Undecided => Low

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-keyring in Ubuntu.
https://bugs.launchpad.net/bugs/1464296

Title:
  Ubuntu unable to handle ssh keys with PBKDF

Status in gnome-keyring package in Ubuntu:
  New

Bug description:
  Today I wanted to upgrade the security of my SSH keys to use PBKDF.
  After struggling with ssh-agent I realised that either Gnome Keyring
  was unable to handle the new ssh key or it was a problem with ssh-
  agent.

  After troubleshooting historic bugs with ssh-agent I was unable to
  make it work. It always returned the error "Agent admitted failure to
  sign using the key on big endian machines"

  The problem seems to be that Gnome Keyring is unable to handle the
  complex newly encoded passphrase.

  Steps to reproduce:

  1. Create a SSH key with PBKDF

  ssh-keygen -b 4096 -o -a 500

  2. Either overwrite or create new keys with default identity id_rsa
  3. Protect it with a strong password (256-But Hex Key)
  4. Delete previous keys stored by ssh-agent

  ssh-add -D (for manual entries)
  ssh-add -d (for automatic entries)

  5. Reset ssh-agent to be extra confident that ssh-agent is not storing
  anything in memory

  killall ssh-agent; eval `ssh-agent`

  6. Add the new key

  ssh-add

  7. You may get an error when trying to use keys to ssh a server saying
  "Agent admitted failure to sign using the key on big endian machines"

  Disabling ssh-agent means that I'm able to input password in console
  and use my private key. I can then log in to my server OK. So I don't
  think there are  problems with the generation of keys either

  
  About my machine:
  Ubuntu 15.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1464296/+subscriptions

Follow ups

[Bug 1464296] Re: Ubuntu unable to handle ssh keys with PBKDF
From: cortocopy, 2015-06-15