Bug 2514

Summary: Usability: Key filenames / extensions make sharing private key likely.
Product: Portable OpenSSH
Reporter: Warren Kumari <warren>
Component: Miscellaneous
Assignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED WONTFIX
Severity: minor
CC: djm
Priority: P5
Version: -current
Hardware: All
OS: All

Description Warren Kumari 2015-12-10 11:31:43 AEDT
Public key files have an extension (.pub), private key files do not. This makes tab completion complete to the "wrong" key file...

I *did* look for existing bugs about this, with no luck...

E.g:
In my .ssh directory there are many keys. As an example:
-r--------   1 wkumari  staff   1675 Mar 13  2015 id_rsa
-r--------   1 wkumari  staff    385 Mar 13  2015 id_rsa.pub

I want to be able to use this key to login to routers and servers, so I need to share the public key with folk / copy it to a server so I can append it to an authorized_keys file / etc.

So, how do I do that?
Well, chances are I'm in a rush, so I do:
echo ~/.ssh/id_rs<tab> | email $someone
or 
scp ~/.ssh/id_rs<tab> server.example.com:~/tmp

....and, I've just emailed / copied off my *private* key. 

The issue here is that the private key has no extension (and the public one does), and so tab completion helpfully completes to the private key. This is almost *never* the right option :-P
 
This could be easily solved by making private keys also have an extension (e.g. id_rsa.priv or something).


To recreate issue:
1: generate a key.
2: try to do something with the key file, while in a rush / juggling many plates / being drunk. Use tab completion.
3: Feel stupid. Promise yourself you will never do this again. Go delete the key from everywhere you've ever used it. 
4: lather, rinse, repeat.
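
A guard against the mistake described in this report, as an added example that is not part of the original report or of OpenSSH: it classifies a key file by its content rather than its name, so a tab-completed path to the private key is refused before it is mailed or copied. The function names (is_private_key, is_public_key, check_shareable, make_samples) are hypothetical and the sample key files are constructed.

```shell
#!/bin/sh
# Added example: decide by file content whether a key file is safe to share.

# True if the first line is a PEM/OpenSSH private-key header, e.g.
# "-----BEGIN RSA PRIVATE KEY-----" or "-----BEGIN OPENSSH PRIVATE KEY-----".
is_private_key() {
    [ -f "$1" ] || return 1
    head -n 1 < "$1" | grep -Eq '^-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----'
}

# True if the first line has the one-line public key form: "type base64 [comment]".
is_public_key() {
    [ -f "$1" ] || return 1
    head -n 1 < "$1" | grep -Eq \
        '^(ssh-[a-z0-9]+|ecdsa-sha2-[a-z0-9-]+|sk-[a-z0-9@.-]+) [A-Za-z0-9+/]+=*( .*)?$'
}

# Returns 0 only if every argument looks like a public key; otherwise
# reports each offending file on stderr and returns 1.
check_shareable() {
    rc=0
    for f in "$@"; do
        if is_private_key "$f"; then
            echo "REFUSED: $f is a private key; did you mean $f.pub?" >&2
            rc=1
        elif ! is_public_key "$f"; then
            echo "REFUSED: $f does not look like an OpenSSH public key" >&2
            rc=1
        fi
    done
    return $rc
}

# Writes a constructed (fake) key pair into directory $1 for trying the checks.
make_samples() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' \
        'CONSTRUCTED-NOT-A-REAL-KEY' \
        '-----END RSA PRIVATE KEY-----' > "$1/id_rsa"
    printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED wkumari@example' \
        > "$1/id_rsa.pub"
}
```

Typical use is to gate the copy on the check, for example `check_shareable "$key" && scp "$key" server.example.com:~/tmp`, where `$key` holds the path produced by tab completion.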

Comment 1 Damien Miller 2016-12-02 13:53:52 AEDT
If we were starting from scratch then we might consider doing this differently but changing things now will break 20+ years of workflow.

Comment 2 Damien Miller 2018-04-06 12:26:48 AEST
Close all resolved bugs after release of OpenSSH 7.7.