Bug 2046 - ssh-add -d does not drop certificate
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh-add
Version: 6.1p1
Hardware: All Linux
Importance: P5 trivial
Assignee: Damien Miller
Blocks: V_6_2
Reported: 2012-11-02 01:37 AEDT by Ondrej Caletka
Modified: 2023-01-13 13:37 AEDT
Attachments
Make ssh-add -d remove certificate too (1.60 KB, patch)
2012-11-09 10:49 AEDT, Damien Miller

Description Ondrej Caletka 2012-11-02 01:37:58 AEDT
When using ssh-add -d to drop keys previously learned by invoking ssh-add without arguments, only the raw key is dropped, even if there is also a certificate in ~/.ssh/id_rsa-cert.pub.

As I see the purpose of the -d switch as undoing a previous ssh-add command, I think the correct behaviour is to drop the certificate as well.
Comment 1 Damien Miller 2012-11-09 10:49:41 AEDT
Created attachment 2193
Make ssh-add -d remove certificate too

Right.

It is possible to remove a cert by explicitly listing its *-cert.pub file, but this isn't symmetric with ssh-add's behaviour and is therefore not what users would reasonably expect.

This patch makes ssh-add -d remove both the plain key and the corresponding certificate. It also makes -d respect the recently-added -k option to allow selectively removing just the key.
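A check for the leftover state described in this report, as an added example that is not part of the bug thread or of OpenSSH: it reads `ssh-add -l` output and reports certificate identities still held by the agent after their plain key has been removed. It assumes the listing format `bits fingerprint comment (TYPE)` with certificate types ending in `-CERT`, and that a certificate is listed under the same fingerprint as its plain key; the function name and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: find certificate identities left in an ssh-agent after the
# matching plain key was removed (the pre-6.2 `ssh-add -d` behaviour).
# Assumption: `ssh-add -l` lines look like "bits fingerprint comment (TYPE)"
# and a certificate shares its fingerprint with the plain key it certifies.

# orphaned_certs: read `ssh-add -l` output on stdin and print the fingerprint
# of every *-CERT identity that has no plain key with the same fingerprint.
orphaned_certs() {
    awk '
        # Only consider identity lines: the last field is "(TYPE)".
        # This skips messages such as "The agent has no identities."
        NF >= 3 && $NF ~ /^\(.*\)$/ {
            fp = $2                       # comment may contain spaces, so use $2 and $NF only
            if ($NF ~ /-CERT\)$/) cert[fp] = 1
            else                  plain[fp] = 1
        }
        END {
            for (fp in cert)
                if (!(fp in plain)) print fp
        }
    ' | sort
}

# Constructed sample: agent listing after `ssh-add -d` removed only the raw key.
SAMPLE_AFTER_DELETE='2048 SHA256:AAAAconstructed1 /home/u/.ssh/id_rsa (RSA-CERT)
256 SHA256:BBBBconstructed2 work key (ED25519)'

# Demonstration on the constructed sample.
# Against a live agent, use: ssh-add -l | orphaned_certs
printf '%s\n' "$SAMPLE_AFTER_DELETE" | orphaned_certs
```

A certificate that was loaded on its own by explicitly naming its `*-cert.pub` file is reported too, so treat a hit as something to review rather than as proof of this bug.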
Comment 2 Damien Miller 2012-12-03 11:01:58 AEDT
Applied - this will be in openssh-6.2, due early next year
Comment 3 Damien Miller 2013-03-22 12:02:15 AEDT
mark bugs closed by openssh-6.2 release as CLOSED