[Bug 1615305] Re: Output when changing comment is weird and badly documented

Nish Aravamudan nish.aravamudan at canonical.com
Wed Aug 24 22:54:34 UTC 2016


Hello Karol,

Thank you for reporting this issue.

What led you to the "impression that this is not applicable to newer
keys"? The manpage specifically says, as you quoted, "This operation is
only supported for RSA1 keys and keys stored in the newer OpenSSH
format." And this, in turn, specifically documents that you need to use
the "newer OpenSSH format" for any non-RSA1 key (afaict). And searching
the `man ssh-keygen` page, one gets:

"     For RSA1 keys and keys stored in the newer OpenSSH format, there is also
     a comment field in the key file that is only for convenience to the user
     to help identify the key.  The comment can tell what the key is for, or
     whatever is useful.  The comment is initialized to “user@host” when the
     key is created, but can be changed using the -c option.
"

I agree that the comment being reported as '(null)' is probably a real
bug, but it most likely should be filed upstream if it is reproducible with
the latest versions.

In which bug tracker is 811125 that you referred to? It is not an Ubuntu
bug, afaict.

Thanks,
Nish

** Changed in: openssh (Ubuntu)
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1615305

Title:
  Output when changing comment is weird and badly documented

Status in openssh package in Ubuntu:
  Incomplete

Bug description:
  Changing a key comment within a private key might not be something you
  do on a daily basis, but it is mostly a frustrating task, since the
  documentation is incomplete and wrong. In particular the man page
  says:

         -c     Requests changing the comment in the private and public key files.
                This operation is only supported for RSA1 keys and keys stored in
                the newer OpenSSH format.  The program will prompt for the file
                containing the private keys, for the passphrase if the key has one,
                and for the new comment.

  So, one gets the impression that this is not applicable to newer keys.
  However bug #811125 dealt with this, and there was a commit (see [1])
  that added support for basically all key types. In the case of RSA
  keys one has to use the new key format though (-o), which can only be
  found out with trial and error and is not documented at all.

  Furthermore the output of an actual ssh-keygen run is also confusing:

  [kbabioch@antares .ssh]$ ssh-keygen -c -C "new comment" -f id_rsa -o
  Enter passphrase: 
  Key now has comment '(null)'
  The comment in your key file has been changed.

  The output tells me that the key is now empty (null). However the
  comment is correctly set, so while this works as intended, it is
  confusing to the user.

  [1] https://github.com/openssh/openssh-portable/commit/4d90625b229cf6b3551d81550a9861897509a65f#diff-8a50ef3f3b9ea11be3c3b2fc1c0555b3
