[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: auth_fn segfaults when reading encrypted private key in new openssh format


On Mon, 2019-03-25 at 14:16 +0100, Jeroen Ooms wrote:
> I'm running into a crash with libssh 0.8.6 / 0.8.90 that appears when
> reading an encrypted (passphrased) id_rsa in the new openssh private
> key format. My code looks like this:
> 
>   ssh_key privkey = NULL;
>   ssh_pki_import_privkey_file("path/to/id_rsa, NULL,
> my_auth_callback,
> passfun, &privkey)
> 
> Here my_auth_callback prompts the user for a passphrase, copies that
> into *buf and then returns SSH_OK. This works as expected when the
> private key is encypted using the classic pkcs1 format, i.e. the one
> that starts with:
> 
>   -----BEGIN RSA PRIVATE KEY-----
>   Proc-Type: 4,ENCRYPTED
>   DEK-Info: DES-EDE3-CBC,E5E17B572446A169
> 
> However, keys generated with recent versions of ssh-keygen are using
> the new bcrypt encrypted format, which starts with:
> 
>   -----BEGIN OPENSSH PRIVATE KEY-----
> 
> For these keys,  ssh_pki_import_privkey_file() segfaults immediately
> after the my_auth_callback has returned the password.

Can you share the backtrace or coredump from the crash? How was this
new id file generated? By OpenSSH?

Regards,
-- 
Jakub Jelen
Senior Software Engineer
Security Technologies
Red Hat, Inc.


Archive administrator: postmaster@lists.cynapses.org