x/crypto/ssh: malformed SSH identity - parse error in message type 0 #52135

Open
flotester opened this issue Apr 4, 2022 · 2 comments
@flotester commented Apr 4, 2022

What version of Go are you using (go version)?

$ go version: 1.18

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

$ go env: all

What did you do?

Using FiloSottile age cli tool under the conditions listed, an error was encountered:
age version: v1.0.0
ssh key used (With Passphrase): ssh-keygen -t ed25519 -f age-ssh -a 100 -Z "chacha20-poly1305@openssh.com"

$ age -d -i age-ssh test.txt.age > test_decrypted.txt
$ age: error: reading "age-ssh": malformed SSH identity in "age-ssh": ssh: parse error in message type 0

For further details please see this issue: FiloSottile/age#407

Narrowing down the problem
I have investigated some more and found some conditions under which the problem occurs:

The problem does not occur with keys generated like this:

ssh-keygen -f key -t ed25519 -Z 3des-cbc (with password)
ssh-keygen -f key -t ed25519 -Z aes128-cbc (with password)
ssh-keygen -f key -t ed25519 -Z aes192-cbc (with password)
ssh-keygen -f key -t ed25519 -Z aes256-cbc (with password)
ssh-keygen -f key -t ed25519 -Z aes128-ctr (with password)
ssh-keygen -f key -t ed25519 -Z aes192-ctr (with password)
ssh-keygen -f key -t ed25519 -Z aes256-ctr (with password)
ssh-keygen -f key -Z aes256-ctr (with password)
ssh-keygen -f key -Z aes256-ctr (without password)
ssh-keygen -f key -Z aes128-gcm@openssh.com (without password)
ssh-keygen -f key -Z aes256-gcm@openssh.com (without password)
ssh-keygen -f key -Z chacha20-poly1305@openssh.com (without password)

The problem does occur with keys generated like this:

ssh-keygen -f key -t ed25519 -Z aes128-gcm@openssh.com (with password)
ssh-keygen -f key -t ed25519 -Z aes256-gcm@openssh.com (with password)
ssh-keygen -f key -t ed25519 -Z chacha20-poly1305@openssh.com (with password)
ssh-keygen -f key -Z chacha20-poly1305@openssh.com (with password)

It seems to me like the problem only occurs when using the ciphers aes128-gcm@openssh.com, aes256-gcm@openssh.com and chacha20-poly1305@openssh.com and only when using a password protected key. The type of key seems to be irrelevant.

What did you expect to see?

A decrypted file with no cli errors

What did you see instead?

The error message mentioned above instead
Note: Encryption seemed to work fine in this instance

@flotester changed the title from "affected/package: golang.org/x/crypto/ssh. malformed SSH identity: parse error in message type 0" to "golang.org/x/crypto/ssh: malformed SSH identity - parse error in message type 0" Apr 4, 2022

@codesoap (Contributor) commented Apr 5, 2022

I'm not familiar with the code, but there seem to be some trailing, unprocessed bytes in the key which lead to the error. I can see that in other places in the library a "Rest" attribute is used to catch such trailing bytes. If the same is done here, the original error disappears:

diff --git a/ssh/keys.go b/ssh/keys.go
index 1c7de1a..659fd63 100644
--- a/ssh/keys.go
+++ b/ssh/keys.go
@@ -1261,6 +1261,7 @@ func parseOpenSSHPrivateKey(key []byte, decrypt openSSHDecryptFunc) (crypto.Priv
                NumKeys      uint32
                PubKey       []byte
                PrivKeyBlock []byte
+               Rest         []byte `ssh:"rest"`
        }

        if err := Unmarshal(remaining, &w); err != nil {
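
Review bot: the added Rest field (tagged ssh:"rest") is never inspected in the lines shown, so after this change Unmarshal(remaining, &w) accepts arbitrary trailing data after PrivKeyBlock for every key file, not only the ones that legitimately carry extra bytes. Suggest checking len(w.Rest) right after the unmarshal and rejecting non-empty trailing data unless the cipher in use is one that is expected to append it, and adding a comment on the field saying what the bytes are.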

However, in place of the old error, there will be a new one which clarifies the underlying problem:

ssh: unknown cipher "chacha20-poly1305@openssh.com", only supports "aes256-ctr" or "aes256-cbc"
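
The cipher name and the trailing bytes discussed above sit in the unencrypted header of the key file, so a key that triggers this error can be triaged without its passphrase. The following Go code is an added example, not part of the issue thread or of x/crypto/ssh: `Inspect`, `KeyInfo`, `str` and `Sample` are hypothetical names, and the sample container is constructed with dummy key material and an arbitrary 16 trailing bytes.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"encoding/pem"
	"fmt"
)

const magic = "openssh-key-v1\x00"

// KeyInfo holds header fields of an openssh-key-v1 container, read without decrypting.
type KeyInfo struct {
	Cipher, KDF string
	Trailing    int // bytes left after the length-prefixed private key block
}

// Inspect walks: cipher, kdf, kdf options, uint32 key count, public key, private key block.
func Inspect(pemData []byte) (KeyInfo, error) {
	blk, _ := pem.Decode(pemData)
	if blk == nil || blk.Type != "OPENSSH PRIVATE KEY" || !bytes.HasPrefix(blk.Bytes, []byte(magic)) {
		return KeyInfo{}, fmt.Errorf("not an openssh-key-v1 file")
	}
	rest, f := blk.Bytes[len(magic):], [5][]byte{}
	for i := range f {
		if i == 3 && len(rest) >= 4 { // uint32 key count precedes the public key
			rest = rest[4:]
		}
		if len(rest) < 4 || uint64(binary.BigEndian.Uint32(rest)) > uint64(len(rest)-4) {
			return KeyInfo{}, fmt.Errorf("field %d: truncated", i)
		}
		n := binary.BigEndian.Uint32(rest)
		f[i], rest = rest[4:4+n], rest[4+n:]
	}
	return KeyInfo{string(f[0]), string(f[1]), len(rest)}, nil
}

// str encodes s as an SSH string: uint32 big-endian length, then the bytes.
func str(s string) []byte { return append(binary.BigEndian.AppendUint32(nil, uint32(len(s))), s...) }

// Sample builds a constructed container (dummy fields, not a real key) with tail extra bytes.
func Sample(cipher string, tail int) []byte {
	body := bytes.Join([][]byte{[]byte(magic), str(cipher), str("bcrypt"), str("opts"),
		{0, 0, 0, 1}, str("pub"), str("priv"), make([]byte, tail)}, nil)
	return pem.EncodeToMemory(&pem.Block{Type: "OPENSSH PRIVATE KEY", Bytes: body})
}

func main() {
	fmt.Println(Inspect(Sample("chacha20-poly1305@openssh.com", 16))) // constructed input
}
```

A non-zero `Trailing` together with a cipher name outside the set the library reports as supported points at the condition described in this thread rather than at a corrupted file.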

@cherrymui added the NeedsInvestigation label Apr 5, 2022
@cherrymui added this to the Unreleased milestone Apr 5, 2022
@cherrymui changed the title from "golang.org/x/crypto/ssh: malformed SSH identity - parse error in message type 0" to "x/crypto/ssh: malformed SSH identity - parse error in message type 0" Apr 5, 2022

@cherrymui (Member) commented Apr 5, 2022

cc @FiloSottile @rolandshoemaker
