https://bugzilla.mindrot.org/show_bug.cgi?id=2788
Bug ID: 2788
Summary: ssh(1) man page should note id_rsa encryption now uses AES, not 3DES
Product: Portable OpenSSH
Version: 7.6p1
Hardware: Other
URL: https://bugs.debian.org/614818
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: Documentation
Assignee: [email protected]
Reporter: [email protected]
In https://bugs.debian.org/614818, Calum Mackay reported the following,
and I've checked that this is still the case in 7.6p1:
In the FILES section of ssh(1), it says:
~/.ssh/id_rsa
    Contains the private key for authentication. These files contain
    sensitive data and should be readable by the user but not accessible
    by others (read/write/execute). ssh will simply ignore a private key
    file if it is accessible by others. It is possible to specify a
    passphrase when generating the key which will be used to encrypt the
    sensitive part of this file using 3DES.
However, in a recent release, ssh-keygen has switched to using AES, not
3DES, to encrypt the private key. This is noted in the ssh-keygen(1) page,
in this same pkg:
~/.ssh/id_rsa
    Contains the protocol version 2 DSA, ECDSA or RSA authentication
    identity of the user. This file should not be readable by anyone
    but the user. It is possible to specify a passphrase when generating
    the key; that passphrase will be used to encrypt the private part of
    this file using 128-bit AES. [...]
This section should probably be the same across both man pages.
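
The following Python is an added example, not part of the bug report or of OpenSSH's own code: it reads which cipher a private key file declares, so a key still protected with 3DES can be told apart from one using AES. It goes beyond the report by also reading the cipher name from the newer openssh-key-v1 container; the function names are hypothetical and the sample keys are constructed and hold no real key material.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"

def key_cipher(text):
    """Return the cipher named in a private key file, or 'none' if unencrypted."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + 4:
            raise ValueError("not an openssh-key-v1 blob")
        # The first length-prefixed string after the magic is the cipher name.
        (n,) = struct.unpack_from(">I", blob, len(MAGIC))
        name = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n]
        if len(name) != n:
            raise ValueError("truncated cipher name")
        return name.decode("ascii")
    # Legacy PEM: header lines sit between the BEGIN line and a blank line.
    for ln in lines[1:]:
        if ":" not in ln:
            break  # blank line or base64 body: no more headers
        if ln.startswith("DEK-Info:"):
            return ln.split(":", 1)[1].split(",")[0].strip()
    return "none"

def uses_3des(text):
    """True when the key file is passphrase-protected with triple DES."""
    return key_cipher(text).upper() in ("DES-EDE3-CBC", "3DES-CBC")

def legacy_sample(dek):
    """Constructed legacy PEM file; the body is a placeholder, not a key."""
    hdr = f"Proc-Type: 4,ENCRYPTED\nDEK-Info: {dek}\n\n" if dek else ""
    return ("-----BEGIN RSA PRIVATE KEY-----\n" + hdr +
            "Q09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n")

def v1_sample(cipher):
    """Constructed openssh-key-v1 file holding only the leading header fields."""
    s = lambda b: struct.pack(">I", len(b)) + b
    body = base64.b64encode(MAGIC + s(cipher) + s(b"bcrypt")).decode()
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + body +
            "\n-----END OPENSSH PRIVATE KEY-----\n")

if __name__ == "__main__":
    for sample in (legacy_sample("DES-EDE3-CBC,0011223344556677"),
                   legacy_sample("AES-128-CBC,00112233445566778899AABBCCDDEEFF"),
                   legacy_sample(None), v1_sample(b"aes256-ctr")):
        print(key_cipher(sample), "3DES" if uses_3des(sample) else "ok")
```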