Page MenuHome GnuPG
Create Task
Maniphest T6212

The ssh keys are no longer returned in the order from control file after T5996
Closed, ResolvedPublic
Actions

Description

The T5996 introduced semantic changes how the ssh keys are returned. Previously, the order was determined by the order of keys in the control file, now they are sorted by keygrip fingerprint (as the control file is only consulted after the key is read from file?). This is a regression as the SSH relies on the order of the keys returned and tries them in this order, unless overridden with IdentitiesOnly and IdentityFile options.

Details

External Link
https://bugzilla.redhat.com/show_bug.cgi?id=2119247
Version
master, 2.3.6

Revisions and Commits

rG GnuPG
rG98b8c518fa0b ssh: Allow to prefer on-disk keys over active card keys.
rG8b8a8b246c44 ssh: Allow to define the order in which keys are returned.
rGf35e7dbf9e71 common: Slight redefinition of nvc_get_boolean.

Related Objects

Event Timeline

Jakuje created this task.Sep 19 2022, 3:12 PM
werner triaged this task as Normal priority.Sep 19 2022, 8:19 PM
werner edited projects, added Feature Request, ssh; removed Bug Report.
werner added a subscriber: werner.

We want to get rid of sshcontrol but we could keep it as an optional configuration to sort keys. I won't say it is a bug, though.

canti59 added a commit: rG8046fcac63db: po: Update Czech translation..Oct 14 2022, 2:10 AM
gniibe removed a commit: rG8046fcac63db: po: Update Czech translation..Oct 14 2022, 2:50 AM
mss added a subscriber: mss.Oct 24 2022, 1:41 AM
werner added a project: gnupg24.Dec 13 2022, 11:21 AM
werner removed a project: gnupg (gpg23).Jan 19 2023, 4:44 PM
werner added a comment.Jan 24 2023, 10:06 AM

Let's first collect all keys, assign a priority, sort, and only then send them back to ssh.

werner added a commit: rGf35e7dbf9e71: common: Slight redefinition of nvc_get_boolean..Jan 24 2023, 10:07 AM
werner moved this task from Backlog to WiP on the gnupg24 board.Jan 31 2023, 12:40 PM
werner moved this task from WiP to QA on the gnupg24 board.Feb 1 2023, 9:29 AM

See the the commit for a description of the changes.

werner added a commit: rG8b8a8b246c44: ssh: Allow to define the order in which keys are returned..Feb 1 2023, 9:30 AM
werner changed the task status from Open to Testing.Feb 1 2023, 9:36 AM
werner moved this task from QA to WiP on the gnupg24 board.
werner moved this task from WiP to QA on the gnupg24 board.
werner added a commit: rG98b8c518fa0b: ssh: Allow to prefer on-disk keys over active card keys..Apr 18 2023, 9:04 AM
werner moved this task from QA to gnupg-2.4.1 on the gnupg24 board.Apr 18 2023, 9:42 AM
werner edited projects, added gnupg24 (gnupg-2.4.1); removed gnupg24.
ebo closed this task as Resolved.Apr 26 2023, 9:20 AM
ebo claimed this task.
werner mentioned this in T6454: Release GnuPG 2.4.1.Apr 28 2023, 2:45 PM