x/crypto/ssh: malformed SSH identity - parse error in message type 0 #52135

Open
flotester opened this issue Apr 4, 2022 · 4 comments
Open
Labels
NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone

Comments

@flotester
Copy link

What version of Go are you using (go version)?

$ go version: 1.18

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

$ go env: all

What did you do?

Using FiloSottile age cli tool under the conditions listed, an error was encountered:
age version: v1.0.0
ssh key used (With Passphrase): ssh-keygen -t ed25519 -f age-ssh -a 100 -Z "chacha20-poly1305@openssh.com"

$ age -d -i age-ssh test.txt.age > test_decrypted.txt
age: error: reading "age-ssh": malformed SSH identity in "age-ssh": ssh: parse error in message type 0

For further details please see this issue: FiloSottile/age#407

Narrowing down the problem
I have investigated some more and found some conditions under which the problem occurs:

The problem does not occur with keys generated like this:

ssh-keygen -f key -t ed25519 -Z 3des-cbc (with password)
ssh-keygen -f key -t ed25519 -Z aes128-cbc (with password)
ssh-keygen -f key -t ed25519 -Z aes192-cbc (with password)
ssh-keygen -f key -t ed25519 -Z aes256-cbc (with password)
ssh-keygen -f key -t ed25519 -Z aes128-ctr (with password)
ssh-keygen -f key -t ed25519 -Z aes192-ctr (with password)
ssh-keygen -f key -t ed25519 -Z aes256-ctr (with password)
ssh-keygen -f key -Z aes256-ctr (with password)
ssh-keygen -f key -Z aes256-ctr (without password)
ssh-keygen -f key -Z aes128-gcm@openssh.com (without password)
ssh-keygen -f key -Z aes256-gcm@openssh.com (without password)
ssh-keygen -f key -Z chacha20-poly1305@openssh.com (without password)
The problem does occur with keys generated like this:

ssh-keygen -f key -t ed25519 -Z aes128-gcm@openssh.com (with password)
ssh-keygen -f key -t ed25519 -Z aes256-gcm@openssh.com (with password)
ssh-keygen -f key -t ed25519 -Z chacha20-poly1305@openssh.com (with password)
ssh-keygen -f key -Z chacha20-poly1305@openssh.com (with password)

It seems to me like the problem only occurs when using the ciphers aes128-gcm@openssh.com, aes256-gcm@openssh.com and chacha20-poly1305@openssh.com and only when using a password protected key. The type of key seems to be irrelevant.

What did you expect to see?

A decrypted file with no cli errors

What did you see instead?

The error message mentioned above instead
Note: Encryption seemed to work fine in this instance

@flotester flotester changed the title affected/package: golang.org/x/crypto/ssh. malformed SSH identity: parse error in message type 0 golang.org/x/crypto/ssh: malformed SSH identity - parse error in message type 0 Apr 4, 2022
@codesoap
Contributor

codesoap commented Apr 5, 2022

I'm not familiar with the code, but there seem to be some trailing, unprocessed bytes in the key which lead to the error. I can see that in other places in the library a "Rest" attribute is used to catch such trailing bytes. If the same is done here, the original error disappears:

diff --git a/ssh/keys.go b/ssh/keys.go
index 1c7de1a..659fd63 100644
--- a/ssh/keys.go
+++ b/ssh/keys.go
@@ -1261,6 +1261,7 @@ func parseOpenSSHPrivateKey(key []byte, decrypt openSSHDecryptFunc) (crypto.Priv
                NumKeys      uint32
                PubKey       []byte
                PrivKeyBlock []byte
+               Rest         []byte `ssh:"rest"`
        }

        if err := Unmarshal(remaining, &w); err != nil {
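Review bot: the new `Rest []byte `ssh:"rest"`` field in this struct captures the trailing bytes, but nothing in the hunk examines them afterwards, so a key with a supported cipher and genuinely stray bytes after PrivKeyBlock would now parse silently instead of failing. After the `Unmarshal(remaining, &w)` call, reject a non-empty `Rest` for the ciphers the parser already handles, and keep the bytes only where a later cipher implementation needs them. A one-line comment on the field explaining why trailing bytes are expected for the ciphers named in this issue would also help the next reader.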

However, in place of the old error, there will be a new one which clarifies the underlying problem:

ssh: unknown cipher "chacha20-poly1305@openssh.com", only supports "aes256-ctr" or "aes256-cbc"
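A pre-flight check for this failure mode, as an added example (not code from x/crypto or the age project): it reads only the ciphername from an OpenSSH private key's envelope, without decrypting anything, and reports whether the cipher is one the error message above says x/crypto/ssh supports. The sample envelope and the supported-cipher list are constructed from this thread, not taken from the library.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"encoding/pem"
	"errors"
	"fmt"
)

// Ciphers x/crypto/ssh could decrypt when this was reported, per the error
// message quoted above; "none" means the key has no passphrase.
var supported = map[string]bool{"none": true, "aes256-ctr": true, "aes256-cbc": true}

// Constructed sample envelope with only the header fields filled in; not a real key.
const sampleEnvelope = "openssh-key-v1\x00" +
	"\x00\x00\x00\x1dchacha20-poly1305@openssh.com" + // string ciphername
	"\x00\x00\x00\x06bcrypt" + // string kdfname
	"\x00\x00\x00\x00\x00\x00\x00\x01" // empty kdfoptions, uint32 number of keys

// sampleKey is the envelope in the PEM armor ssh-keygen writes.
var sampleKey = pem.EncodeToMemory(&pem.Block{Type: "OPENSSH PRIVATE KEY", Bytes: []byte(sampleEnvelope)})

// CipherOf returns the ciphername from the envelope: the magic, then an SSH
// wire "string" (uint32 big-endian length followed by the bytes).
func CipherOf(pemBytes []byte) (string, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "OPENSSH PRIVATE KEY" {
		return "", errors.New("not an OPENSSH PRIVATE KEY PEM block")
	}
	const magic = "openssh-key-v1\x00"
	if !bytes.HasPrefix(block.Bytes, []byte(magic)) {
		return "", errors.New("missing openssh-key-v1 magic")
	}
	rest := block.Bytes[len(magic):]
	if len(rest) < 4 || uint64(binary.BigEndian.Uint32(rest)) > uint64(len(rest)-4) {
		return "", errors.New("truncated or oversized ciphername field")
	}
	n := binary.BigEndian.Uint32(rest)
	return string(rest[4 : 4+n]), nil
}

// Decryptable reports whether x/crypto/ssh can decrypt the key, plus the cipher found.
func Decryptable(pemBytes []byte) (bool, string, error) {
	cipher, err := CipherOf(pemBytes)
	return err == nil && supported[cipher], cipher, err
}

func main() {
	fmt.Println(Decryptable(sampleKey)) // false chacha20-poly1305@openssh.com <nil>
}
```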

@cherrymui cherrymui added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Apr 5, 2022
@cherrymui cherrymui added this to the Unreleased milestone Apr 5, 2022
@cherrymui cherrymui changed the title golang.org/x/crypto/ssh: malformed SSH identity - parse error in message type 0 x/crypto/ssh: malformed SSH identity - parse error in message type 0 Apr 5, 2022
@cherrymui
Member

cc @FiloSottile @rolandshoemaker

@caarlos0
Contributor

caarlos0 commented Mar 8, 2024

How can I help moving this forward?

@drakkan
Member

drakkan commented Mar 17, 2024

How can I help moving this forward?

@caarlos0 I think the first step is to add the Rest attribute to openSSHEncryptedPrivateKey so we return at least a proper error. If you want to send a CL to add support for other ciphers I will be glad to review it. Thank you
