x/crypto/ssh: AES256-CBC isn't supported for passphrase-protected OpenSSH keys #37939
Labels
Milestone
Comments
RKinsey
changed the title
|
We are not going to support creating keys with that algorithm, but unless
it's particularly complex or broken we should probably support reading
them. I assume OpenSSH still supports them?
… |
|
@FiloSottile i'm still using them with OpenSSH daily (on macOS 10.5.3 and Linux Mint 19.3/Ubuntu 18.04). |
cagedmantis
added
the
NeedsInvestigation
FiloSottile
added
the
NeedsFix
gopherbot
removed
the
NeedsInvestigation
|
Change https://golang.org/cl/224817 mentions this issue: |
FiloSottile
pushed a commit
to FiloSottile/age
that referenced
this issue
Mar 24, 2020
c-expert-zigbee
pushed a commit
to c-expert-zigbee/crypto_go
that referenced
this issue
Mar 28, 2022
The existing code for decrypting OpenSSH-format keys only allows aes256-ctr, the current ssh-keygen default. However, the default encryption scheme was aes256-cbc until relatively recently, and some of these keys are still in use. Support for aes256-cbc has been added. Fixes golang/go#37939 Change-Id: I3730347109c5dd18e4cbe61b48bbca9566ad61d2 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/224817 Reviewed-by: Filippo Valsorda <filippo@golang.org>
c-expert-zigbee
pushed a commit
to c-expert-zigbee/crypto_go
that referenced
this issue
Mar 29, 2022
The existing code for decrypting OpenSSH-format keys only allows aes256-ctr, the current ssh-keygen default. However, the default encryption scheme was aes256-cbc until relatively recently, and some of these keys are still in use. Support for aes256-cbc has been added. Fixes golang/go#37939 Change-Id: I3730347109c5dd18e4cbe61b48bbca9566ad61d2 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/224817 Reviewed-by: Filippo Valsorda <filippo@golang.org>
c-expert-zigbee
pushed a commit
to c-expert-zigbee/crypto_go
that referenced
this issue
Mar 29, 2022
The existing code for decrypting OpenSSH-format keys only allows aes256-ctr, the current ssh-keygen default. However, the default encryption scheme was aes256-cbc until relatively recently, and some of these keys are still in use. Support for aes256-cbc has been added. Fixes golang/go#37939 Change-Id: I3730347109c5dd18e4cbe61b48bbca9566ad61d2 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/224817 Reviewed-by: Filippo Valsorda <filippo@golang.org>
LewiGoddard
pushed a commit
to LewiGoddard/crypto
that referenced
this issue
Feb 16, 2023
The existing code for decrypting OpenSSH-format keys only allows aes256-ctr, the current ssh-keygen default. However, the default encryption scheme was aes256-cbc until relatively recently, and some of these keys are still in use. Support for aes256-cbc has been added. Fixes golang/go#37939 Change-Id: I3730347109c5dd18e4cbe61b48bbca9566ad61d2 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/224817 Reviewed-by: Filippo Valsorda <filippo@golang.org>
BiiChris
pushed a commit
to BiiChris/crypto
that referenced
this issue
Sep 15, 2023
The existing code for decrypting OpenSSH-format keys only allows aes256-ctr, the current ssh-keygen default. However, the default encryption scheme was aes256-cbc until relatively recently, and some of these keys are still in use. Support for aes256-cbc has been added. Fixes golang/go#37939 Change-Id: I3730347109c5dd18e4cbe61b48bbca9566ad61d2 Reviewed-on: https://go-review.googlesource.com/c/crypto/+/224817 Reviewed-by: Filippo Valsorda <filippo@golang.org>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Someone over in @FiloSottile's age repo filed an issue a couple weeks ago (FiloSottile/age#100) because age reported an error on an older Ed25519 SSH key. Until v7.6 in 2017, OpenSSH used AES256-CBC as its default for password protected keys, and many of those keys are still in use.
The easiest demonstration is to use age and these keys: ed25519_pass.zip
Run
age -r ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDne4/teO42zTDdjNwxUMNpbfmp/dxgU4ZNkC3ydgcug -o out.age [file of your choice]then
age -d -i /path/to/private/key /path/to/out.ageThe passphrase is
passwordIt should report something likeError: failed to decrypt SSH key file: ssh: unknown cipher "aes256-cbc", only supports "aes256-ctr"along with some age-specific boilerplate.Edit: A playground is even better: https://play.golang.org/p/IUdSKrVgMpT
This happens because x/crypto/ssh only checks for CTR-mode AES in crypto/ssh/keys.go#L1249-L1251. The error isn't triggered with RSA keys generated by the same OpenSSH version, as they're labeled RSA PRIVATE KEY rather than OPENSSH PRIVATE KEY.
I'm partway through a fix, but I want to make sure that this wasn't an intentional move to discourage using older keys before I put too much effort into it.
The text was updated successfully, but these errors were encountered: