Bug 2788

Summary: ssh(1) man page should note id_rsa encryption now uses AES, not 3DES
Product: Portable OpenSSH Reporter: Colin Watson <cjwatson>
Component: DocumentationAssignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED FIXED    
Severity: minor CC: djm
Priority: P5    
Version: 7.6p1   
Hardware: Other   
OS: Linux   
URL: https://bugs.debian.org/614818
Bug Depends on:    
Bug Blocks: 2782    

Description Colin Watson 2017-10-04 23:00:16 AEDT 
In https://bugs.debian.org/614818, Calum Mackay reported the following, and I've checked that this is still the case in 7.6p1:


In the FILES section of ssh(1), it says:

     ~/.ssh/id_rsa
             Contains the private key for authentication.  These files contain
             sensitive data and should be readable by the user but not acces‐
             sible by others (read/write/execute).  ssh will simply ignore a
             private key file if it is accessible by others.  It is possible
             to specify a passphrase when generating the key which will be
             used to encrypt the sensitive part of this file using 3DES.

However, in a recent release, ssh-keygen has switched to using AES, not
3DES, to encrpyt the private key. This is noted in the ssh-keygen(1) page,
in this same pkg:

     ~/.ssh/id_rsa
             Contains the protocol version 2 DSA, ECDSA or RSA authentication
             identity of the user.  This file should not be readable by anyone
             but the user.  It is possible to specify a passphrase when gener‐
             ating the key; that passphrase will be used to encrypt the pri‐
             vate part of this file using 128-bit AES.  [...]


This section should probably be the same across both man pages.
Comment 1 Damien Miller 2017-11-03 13:28:37 AEDT 
Thanks, I've a fix
Comment 2 Damien Miller 2018-04-06 12:26:32 AEST 
Close all resolved bugs after release of OpenSSH 7.7.