| Summary: | Error loading key ".ssh/id_rsa": error in libcrypto | | |
|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | Tomasz Paweł Gajc <tpgxyz> |
| Component: | ssh-add | Assignee: | Assigned to nobody <unassigned-bugs> |
| Status: | CLOSED FIXED | | |
| Severity: | normal | CC: | djm, dtucker, gl041188 |
| Priority: | P5 | | |
| Version: | 8.4p1 | | |
| Hardware: | ix86 | | |
| OS: | Linux | | |
Description
Tomasz Paweł Gajc
2020-11-20 01:27:03 AEDT
From the github issue it looks like your key is in the OpenSSH format.

If you have an older OpenSSH around, then could you try converting your key to the OpenSSL PEM format and see if that works?

cp id_rsa id_rsa_pem
ssh-keygen -p -m PEM -N '' -f id_rsa_pem

You'll also be able to check the key using OpenSSL's tools, e.g. "openssl rsa -check -noout -in id_rsa_pem"

(In reply to Damien Miller from comment #1)
> From the github issue it looks like your key is in the OpenSSH
> format.
>
> If you have an older OpenSSH around, then could you try converting
> your key to the OpenSSL PEM format and see if that works?
>

Yes, my ssh key works with older openssh/openssl

[live@localhost .ssh]$ ssh-keygen -p -m PEM -N '' -f id_rsa_pem
Enter old passphrase:
Your identification has been saved with the new passphrase.
[live@localhost .ssh]$ openssl rsa -check -noout -in id
id_rsa id_rsa_pem id_rsa.pub
[live@localhost .ssh]$ openssl rsa -check -noout -in id_rsa_pem
RSA key ok
[live@localhost .ssh]$ rpm -qa | grep openssl
openssl-1.1.1c-1.x86_64
lib64qca2-plugin-openssl-2.1.4-2.x86_64
[live@localhost .ssh]$ rpm -qa | grep openssh
openssh-8.1p1-1.x86_64
openssh-server-8.1p1-1.x86_64
openssh-askpass-common-8.1p1-1.x86_64
openssh-clients-8.1p1-1.x86_64

Created attachment 3457 [details]
print libcrypto errors in ssh-add
okay, can you load the PEM key on the openssl-3.x host?
Also, you could try building OpenSSH from git with the attached patch applied to see why openssl-3.x is refusing the key.
Sorry for long delay in my response. I've applied your patch, recompiled openssh, installed it and I executed ssh-add on my old key, and here is the output:

[root@tpg-virtualbox home]# ssh-add -vvv
Error loading key "/root/.ssh/id_rsa": error in libcrypt

Created attachment 3469 [details]
more debugging

(In reply to Tomasz Paweł Gajc from comment #4)
> Sorry for long delay in my response.

No problem - thanks for helping debug this problem!

> I've applied your patch, recompiled openssh, installed it and I
> executed ssh-add on my old key, and here is the output:
>
> [root@tpg-virtualbox home]# ssh-add -vvv
> Error loading key "/root/.ssh/id_rsa": error in libcrypt

I don't understand how the patch has failed to print more information. I have attached a patch that should show a little more - can you please try that?

Hi, I did apply your second patch (https://github.com/OpenMandrivaAssociation/openssh/blob/errors/openssh-8.4p1-catch-openssl-errors.patch), here is the output:

[root@tpg-virtualbox home]# ssh-add -vvv
306: Error loading key "/root/.ssh/id_rsa": error in libcrypto

Here are the build logs https://abf.openmandriva.org/build_lists/981796

Output of a strace ssh-add -vvv :
newfstatat(AT_FDCWD, "/foo.ssh/id_rsa", {st_mode=S_IFREG|0600, st_size=3326, ...}, 0) = 0
openat(AT_FDCWD, "/foo/.ssh/id_rsa", O_RDONLY) = 4
newfstatat(4, "", {st_mode=S_IFREG|0600, st_size=3326, ...}, AT_EMPTY_PATH) = 0
getuid() = 0
newfstatat(4, "", {st_mode=S_IFREG|0600, st_size=3326, ...}, AT_EMPTY_PATH) = 0
read(4, "-----BEGIN RSA PRIVATE KEY-----\n"..., 4096) = 3326
read(4, "", 770) = 0
read(4, "", 4096) = 0
close(4) = 0
futex(0x7f29f67cf20c, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f29f67cde50, FUTEX_WAKE_PRIVATE, 2147483647) = 0
futex(0x7f29f67cde58, FUTEX_WAKE_PRIVATE, 2147483647) = 0
write(2, "306: Error loading key \"/foo/.s"..., 63306: Error loading key "/foo/.ssh/id_rsa": error in libcrypto
) = 63
I am more and more convinced this is openssl3 internal issue with reading keys.

Issue has been fixed with openssl-3.0.0-alpha16

closing bugs resolved before openssh-8.9
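
The strace output in this thread shows the key file starting with `-----BEGIN RSA PRIVATE KEY-----`, a traditional PEM container whose parsing OpenSSH delegates to libcrypto, while files starting with `-----BEGIN OPENSSH PRIVATE KEY-----` have their container parsed by OpenSSH's own code. The script below is an added example, not code from this bug thread or from the OpenSSH project: it classifies a key file by its header lines so you can see which keys on a host depend on libcrypto's PEM parser. The function names `key_format` and `make_samples` are hypothetical, and the sample files are constructed header-only stubs, not real keys.

```shell
#!/bin/sh
# Added example: classify a private key file by its armor line and headers.

key_format() {
    # $1 = path to a private key file; prints one word naming the container.
    first=$(head -n 1 "$1" | tr -d '\r')   # tolerate CRLF line endings
    case "$first" in
    "-----BEGIN OPENSSH PRIVATE KEY-----")
        echo "openssh" ;;                  # container parsed by OpenSSH itself
    "-----BEGIN ENCRYPTED PRIVATE KEY-----")
        echo "pkcs8-encrypted" ;;          # parsed by libcrypto
    "-----BEGIN PRIVATE KEY-----")
        echo "pkcs8" ;;                    # parsed by libcrypto
    "-----BEGIN RSA PRIVATE KEY-----" | "-----BEGIN EC PRIVATE KEY-----" | \
    "-----BEGIN DSA PRIVATE KEY-----")
        # Traditional PEM (parsed by libcrypto). A passphrase-protected file
        # carries Proc-Type / DEK-Info headers right after the armor line.
        if sed -n '2,3p' "$1" | grep -q '^Proc-Type: 4,ENCRYPTED'; then
            cipher=$(sed -n 's/^DEK-Info: \([^,]*\),.*/\1/p' "$1" | head -n 1)
            echo "pem-encrypted:${cipher:-unknown}"
        else
            echo "pem"
        fi ;;
    *)
        echo "unknown" ;;
    esac
}

# Constructed header-only stubs (NOT real keys) to exercise the classifier.
make_samples() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'AAAA' > "$d/new"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'MIIE' > "$d/pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-128-CBC,00112233445566778899AABBCCDDEEFF' '' 'AAAA' \
        > "$d/pem_enc"
    echo "$d"
}

samples=$(make_samples)
for f in "$samples"/*; do
    printf '%s: %s\n' "${f##*/}" "$(key_format "$f")"
done
rm -rf "$samples"
```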