Bug 2891

Summary: authorized_keys does not accept RFC4716 format
Product: Portable OpenSSH Reporter: openssh
Component: sshdAssignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED WONTFIX    
Severity: enhancement CC: djm
Priority: P5    
Version: 7.7p1   
Hardware: Other   
OS: Linux   

Description openssh 2018-08-01 04:14:34 AEST 
I copied a public key in RFC4716 format into the authorized_keys file:

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-20180731"
AAAAB3NzaC1yc2EAAAABJQAAAQEAkpDfVicjGj3lD+G73nU9IvTEZXrS9ckH1RKH
i1OfzqGjYF1EX6+8cMUc3pL+y0uKIIU1M+e9yDCrUSlWUIP8KSx0ng7G76yopN8J
F0mQFvmV6X8cyEmuZ0NhLXXZ2bJ/mgRgWEb1jF3jj1UMiR7/SO0knGpgO2S8EZxj
aFyDRcRzFfjj9KBcFgcTcaRAkamNz1ZUMdupb7Yk2f8tR3s6H1jONWRk3s0Gpfdf
yyd+KMLDZwR/ie5wZHl9SRZ5Z8sGOhpERaauJuhC5rz+Go3zq0TuWdkCr6QsRv3w
JPn70onI5LfS1dijS3du+SXz7RWifFj0rsOJKk3Z9MrBoDUnZw==
---- END SSH2 PUBLIC KEY ----

but ssh did not recognize this format when attempting to log in. Only when I changed it to OpenSSH's single line format did it work:

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAkpDfVicjGj3lD+G73nU9IvTEZXrS9ckH1RKHi1OfzqGjYF1EX6+8cMUc3pL+y0uKIIU1M+e9yDCrUSlWUIP8KSx0ng7G76yopN8JF0mQFvmV6X8cyEmuZ0NhLXXZ2bJ/mgRgWEb1jF3jj1UMiR7/SO0knGpgO2S8EZxjaFyDRcRzFfjj9KBcFgcTcaRAkamNz1ZUMdupb7Yk2f8tR3s6H1jONWRk3s0Gpfdfyyd+KMLDZwR/ie5wZHl9SRZ5Z8sGOhpERaauJuhC5rz+Go3zq0TuWdkCr6QsRv3wJPn70onI5LfS1dijS3du+SXz7RWifFj0rsOJKk3Z9MrBoDUnZw==

I think OpenSSH should support the use of the RFC4716 format in the authorized_keys file.
Comment 1 Damien Miller 2018-08-01 08:30:12 AEST 
Sorry, we have no desire to change the authorized_keys format. RFC4716 is more cumbersome and incompatible with the way we handle key options.

ssh-keygen can be used to convert RFC4716 to our format, but we're not going to include it in authorized_keys.
Comment 2 Damien Miller 2021-04-23 14:58:52 AEST 
closing resolved bugs as of 8.6p1 release