https://bugzilla.mindrot.org/show_bug.cgi?id=3190
--- Comment #6 from Jakub Jelen <[email protected]> ---
(In reply to Damien Miller from comment #5)
> Created attachment 3428 [details]
> attempt to load public key from passphraseless private keys
>
> PEM doesn't include the public key in encrypted private keys'
> cleartext though, right?

right.

> IMO we could load passphrase-free keys, but we should remove their
> private elements immediately after loading.

Right. That was the idea and I think the only missing bit. But I got a bit confused since I had an old openssh installed and the handling of the new format was already in master.

Your patch works fine after fixing two minor nits:

{ char *pubfile = NULL, *privcmt = NULL; int r, oerrno; - struct sshkey *privkey; + struct sshkey *privkey = NULL; if (keyp != NULL) *keyp = NULL; */ if ((r = sshkey_load_private(filename, "", &privkey, &privcmt)) == 0) { if ((r = sshkey_from_private(privkey, keyp)) == 0) { - if (commentp != NULL) + if (commentp != NULL) { *commentp = privcmt; privcmt = NULL; /* transferred */ }

The only ugly corner case is the removal of a key from ssh-agent, which still fails with a cryptic error if the key is an encrypted PEM missing its sidecar public key:

$ ssh-add -d /tmp/rsa
Bad key file /tmp/rsa: No such file or directory

Otherwise it looks good.
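
Review bot: for the `struct sshkey *privkey = NULL;` initializer in the declaration block, check that the exit path calls sshkey_free(privkey) on every return, the success path included. sshkey_free() accepts NULL, so the initializer makes an unconditional free safe when sshkey_load_private() fails before assigning. The visible lines stop before any cleanup, and comment #5 asks for the private elements to be removed immediately after loading, so the only key that should outlive this function is the copy written to `keyp` by sshkey_from_private().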
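
Review bot: in the `if (commentp != NULL) {` branch, `privcmt` now stays set when the caller passes commentp == NULL, so the cleanup has to free(privcmt) on that path. Without the braces, `privcmt = NULL; /* transferred */` ran unconditionally and the comment string leaked whenever commentp was NULL. The fragment ends before the cleanup code, so please confirm the free is there, and consider extending the `/* transferred */` comment to say that ownership moves to the caller only inside this branch.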
