Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/crypto/ssh: AES256-CBC isn't supported for passphrase-protected OpenSSH keys #37939

RKinsey opened this issue Mar 19, 2020 · 3 comments


Copy link

@RKinsey RKinsey commented Mar 19, 2020

Someone over in @FiloSottile's age repo filed an issue a couple weeks ago (FiloSottile/age#100) because age reported an error on an older Ed25519 SSH key. Until v7.6 in 2017, OpenSSH used AES256-CBC as its default for password protected keys, and many of those keys are still in use.

The easiest demonstration is to use age and these keys:
age -r ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDne4/teO42zTDdjNwxUMNpbfmp/dxgU4ZNkC3ydgcug -o out.age [file of your choice]
age -d -i /path/to/private/key /path/to/out.age
The passphrase is password

It should report something like Error: failed to decrypt SSH key file: ssh: unknown cipher "aes256-cbc", only supports "aes256-ctr" along with some age-specific boilerplate.
Edit: A playground is even better:

This happens because x/crypto/ssh only checks for CTR-mode AES in crypto/ssh/keys.go#L1249-L1251. The error isn't triggered with RSA keys generated by the same OpenSSH version, as they're labeled RSA PRIVATE KEY rather than OPENSSH PRIVATE KEY.

I'm partway through a fix, but I want to make sure that this wasn't an intentional move to discourage using older keys before I put too much effort into it.

@RKinsey RKinsey changed the title AES256-CBC isn't supported for passphrase-protected OpenSSH keys x/crypto/ssh: AES256-CBC isn't supported for passphrase-protected OpenSSH keys Mar 19, 2020
@gopherbot gopherbot added this to the Unreleased milestone Mar 19, 2020
Copy link

@FiloSottile FiloSottile commented Mar 19, 2020

Copy link

@martinseener martinseener commented Mar 20, 2020

@FiloSottile i'm still using them with OpenSSH daily (on macOS 10.5.3 and Linux Mint 19.3/Ubuntu 18.04).

Copy link

@gopherbot gopherbot commented Mar 22, 2020

Change mentions this issue: x/crypto/ssh: support aes256-cbc for passphrase-protected OpenSSH keys

FiloSottile pushed a commit to FiloSottile/age that referenced this issue Mar 24, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
5 participants
You can’t perform that action at this time.