
Cannot add ed25519 SSH key with empty comment
Status: Closed, Resolved (Public)

Description

Adding an ed25519 SSH key with an empty comment via the SSH agent protocol fails. The following is a base64-encoded SSH agent request payload (with random key data) that triggers the issue.

AAAAfBEAAAALc3NoLWVkMjU1MTkAAAAgGJCw2uxINuPM1+lWaTJH1iKTrJUuI2oTsL/WsmgQHoUA
AABABcLiE8wDS3RCjNoXrhyCZMPJZJpaUkBklvk1u1AHXscYkLDa7Eg248zX6VZpMkfWIpOslS4j
ahOwv9ayaBAehQAAAAA=

The request payload ends with the bytes 0x00 0x00 0x00 0x00 signifying an empty comment string according to the SSH agent protocol and the SSH data representation.

You can reproduce the issue by running

socat UNIX-CONNECT:/run/user/1000/gnupg/S.gpg-agent.ssh - < payload | hexdump -C

The response payload is 0x05 (SSH_AGENT_FAILURE) and ssh-add -l does not show the key.

The OpenSSH agent accepts this payload:

ssh-agent -a ssh-agent.sock -D
socat UNIX-CONNECT:ssh-agent.sock - < payload | hexdump -C
SSH_AUTH_SOCK=ssh-agent.sock ssh-add -l
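As an added illustration of what the request above contains (this is editor-supplied example code, not part of the bug report or of GnuPG/OpenSSH), the following Python decodes the reporter's base64 payload with a strict, bounds-checked parser for the SSH agent wire format, confirms that the trailing 0x00 0x00 0x00 0x00 is a valid zero-length comment string, and re-encodes the parsed fields to show that the encoder reproduces the original bytes exactly. The function names, the Reader helper and the consistency check that the 64-byte ed25519 private blob ends with the 32-byte public key are this example's own choices; the message number 17 for SSH_AGENTC_ADD_IDENTITY is from the SSH agent protocol specification, and the key bytes are the random key data from the report.

```python
import base64
import struct

# Message number from the SSH agent protocol (draft-miller-ssh-agent).
SSH_AGENTC_ADD_IDENTITY = 17

# The request payload quoted in the bug report (random key data, empty comment).
PAYLOAD_B64 = (
    "AAAAfBEAAAALc3NoLWVkMjU1MTkAAAAgGJCw2uxINuPM1+lWaTJH1iKTrJUuI2oTsL/WsmgQHoUA"
    "AABABcLiE8wDS3RCjNoXrhyCZMPJZJpaUkBklvk1u1AHXscYkLDa7Eg248zX6VZpMkfWIpOslS4j"
    "ahOwv9ayaBAehQAAAAA="
)
PAYLOAD = base64.b64decode(PAYLOAD_B64)


class Reader:
    """Bounds-checked cursor over an SSH agent message (example helper)."""

    def __init__(self, buf: bytes):
        self.buf = buf
        self.pos = 0

    def u32(self) -> int:
        if self.pos + 4 > len(self.buf):
            raise ValueError("truncated uint32")
        (value,) = struct.unpack_from(">I", self.buf, self.pos)
        self.pos += 4
        return value

    def byte(self) -> int:
        if self.pos + 1 > len(self.buf):
            raise ValueError("truncated byte")
        value = self.buf[self.pos]
        self.pos += 1
        return value

    def string(self) -> bytes:
        # SSH "string": uint32 length followed by that many bytes. A length of
        # zero is legal and yields b"" (this is the empty-comment case).
        length = self.u32()
        if self.pos + length > len(self.buf):
            raise ValueError("string runs past end of message")
        value = self.buf[self.pos:self.pos + length]
        self.pos += length
        return value

    def done(self) -> bool:
        return self.pos == len(self.buf)


def parse_add_identity(msg: bytes) -> dict:
    """Parse an SSH_AGENTC_ADD_IDENTITY request carrying an ssh-ed25519 key."""
    r = Reader(msg)
    length = r.u32()
    if length != len(msg) - 4:
        raise ValueError("length prefix does not match message size")
    if r.byte() != SSH_AGENTC_ADD_IDENTITY:
        raise ValueError("not an SSH_AGENTC_ADD_IDENTITY request")
    key_type = r.string()
    if key_type != b"ssh-ed25519":
        raise ValueError("this example only handles ssh-ed25519")
    public = r.string()    # 32-byte Ed25519 public key
    private = r.string()   # 64-byte blob: 32-byte seed || 32-byte public key
    comment = r.string()   # may legitimately be empty
    if not r.done():
        raise ValueError("trailing bytes after comment")
    if len(public) != 32 or len(private) != 64:
        raise ValueError("unexpected ed25519 key lengths")
    # Sanity check an agent should make before accepting the key: the second
    # half of the private blob must equal the public key (OpenSSH layout).
    if private[32:] != public:
        raise ValueError("private blob does not end with the public key")
    return {
        "length": length,
        "key_type": key_type,
        "public": public,
        "private": private,
        "comment": comment,
    }


def _string(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b


def build_add_identity(public: bytes, private: bytes, comment: bytes = b"") -> bytes:
    """Encode an ssh-ed25519 SSH_AGENTC_ADD_IDENTITY request, comment optional."""
    body = (
        bytes([SSH_AGENTC_ADD_IDENTITY])
        + _string(b"ssh-ed25519")
        + _string(public)
        + _string(private)
        + _string(comment)
    )
    return struct.pack(">I", len(body)) + body


if __name__ == "__main__":
    key = parse_add_identity(PAYLOAD)
    print("comment:", key["comment"], "round-trip ok:",
          build_add_identity(key["public"], key["private"], key["comment"]) == PAYLOAD)
```

The round trip shows that the reporter's payload is exactly what a conforming encoder produces for an empty comment; an agent that rejects it is treating a zero-length string as malformed rather than as the empty value the format allows. The same parser raises on a genuinely truncated message, which is the case that should produce SSH_AGENT_FAILURE.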

Details

Version
2.2.32