Your message dated Sat, 7 Apr 2018 11:12:41 +0100
with message-id <>
and subject line Re: Bug#614818: openssh-client: ssh(1) man page should note 
id_rsa encryption now uses AES, not 3DES
has caused the Debian Bug report #614818,
regarding openssh-client: ssh(1) man page should note id_rsa encryption now 
uses AES, not 3DES
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact

Debian Bug Tracking System
Contact with problems
--- Begin Message ---
Package: openssh-client
Version: 1:5.8p1-2
Severity: normal

In the FILES section of ssh(1), it says:

             Contains the private key for authentication.  These files contain
             sensitive data and should be readable by the user but not acces‐
             sible by others (read/write/execute).  ssh will simply ignore a
             private key file if it is accessible by others.  It is possible
             to specify a passphrase when generating the key which will be
             used to encrypt the sensitive part of this file using 3DES.

However, in a recent release, ssh-keygen has switched to using AES, not
3DES, to encrpyt the private key. This is noted in the ssh-keygen(1) page,
in this same pkg:

             Contains the protocol version 2 DSA, ECDSA or RSA authentication
             identity of the user.  This file should not be readable by anyone
             but the user.  It is possible to specify a passphrase when gener‐
             ating the key; that passphrase will be used to encrypt the pri‐
             vate part of this file using 128-bit AES.  [...]

This section should probably be the same across both man pages.

thanks much

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux (PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages openssh-client depends on:
ii  adduser              3.112+nmu2          add and remove users and groups
ii  debconf [debconf-2.0 1.5.38              Debian configuration management sy
ii  dpkg                  Debian package management system
ii  libc6                2.11.2-11           Embedded GNU C Library: Shared lib
ii  libedit2             2.11-20080614-2     BSD editline and history libraries
ii  libgssapi-krb5-2     1.8.1+dfsg-5        MIT Kerberos runtime libraries - k
ii  libselinux1          2.0.96-1            SELinux runtime shared libraries
ii  libssl0.9.8          0.9.8o-4            SSL shared libraries
ii  passwd               1: change and administer password and
ii  zlib1g               1:    compression library - runtime

Versions of packages openssh-client recommends:
ii  openssh-blacklist             0.4.1      list of default blacklisted OpenSS
ii  openssh-blacklist-extra       0.4.1      list of non-default blacklisted Op
ii  xauth                         1:1.0.5-1  X authentication utility

Versions of packages openssh-client suggests:
ii  gtk-led-askpass [ssh-askpass 0.11-1      GTK+ password dialog suitable for 
ii  keychain                     2.6.8-2     key manager for OpenSSH
pn  libpam-ssh                   <none>      (no description available)
ii  ssh-askpass                  1: under X, asks user for a passphras

-- debconf-show failed

--- End Message ---
--- Begin Message ---
Source: openssh
Source-Version: 1:7.7p1-1

On Wed, Oct 04, 2017 at 01:02:30PM +0100, Colin Watson wrote:
> Thanks.  I've belatedly confirmed that this is still the case in 7.6p1,
> and forwarded your bug upstream as

Fixed in OpenSSH 7.7p1.

Colin Watson                                       []

--- End Message ---

Reply via email to