The gpg-agent should populate the comment field when providing an SSH
formatted key, ideally identifying the user (primary uid) or the gpg
authentication subkey's id or fingerprint.
The following detail was originally posted to the gnupg-users mailing list
(https://lists.gnupg.org/pipermail/gnupg-users/2016-October/056911.html):
The SSH public key format contains a comment field (RFC4716, s3.3.2):
The comment header contains a user-specified comment.
user@example.com
From "man sshd":
Public keys consist of the following space-separated fields:
options, keytype, base64-encoded key, comment.
The comment field is not used for anything (but may be convenient
for the user to identify the key).
If I load an SSH key from a file using 'ssh-add' the comment field is
populated with the file name (i.e. "alice.pem") if the gpg-agent does
not already contain that key.
If I do "ssh-add -L" I will see "alice.pem" at the end of the output:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQAHT...IfFoxh2j13b3 alice.pem
If the key is in the agent because of the gpg keyring then it is known
as "(none)". If I do "ssh-add -L" I will see "(none)" at the end of the
output:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQAHT...IfFoxh2j13b3 (none)
The reason that I stumbled upon this was because I was debugging an ssh
connection that used the gpg-agent and the ssh debugging output
displayed the following misleading output:
debug1: Offering RSA public key: (none)
which means the public key called "(none)" rather than, as I initially
interpreted it, no public key.
It's also useful client-side to see who a public key belongs to.
It would be good if the comment field reflected the key source, perhaps
the short (or long) key id. For example:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQAHT...IfFoxh2j13b3 (3A808C39)
Or even the primary uid of the key
ssh-rsa AAAAB3NzaC1yc2EAAAADAQAHT...IfFoxh2j13b3 alice@example.org
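As an added illustration of the line format the post describes (this is not code from the post, from GnuPG or from OpenSSH), the parser below splits an `ssh-add -L` / authorized_keys line into its sshd(8) fields, options, keytype, base64 key and comment, and treats the comment as what it is: an arbitrary trailing string that the agent may well set to "(none)". It also decodes the base64 blob far enough to read the key-type string embedded at its start and checks it against the outer keytype, which is the one part of the line a consumer can actually verify. The sample key bytes are constructed (32 counting bytes standing in for an Ed25519 public key, not a real key), and the helper names are mine.

```python
import base64
import struct

# Key types recognised as the start of the "keytype base64 comment" fields.
# Anything before one of these on a line is the sshd(8) options field.
KNOWN_KEY_TYPES = {
    "ssh-rsa", "ssh-dss", "ssh-ed25519",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
}


def ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: big-endian uint32 length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def read_ssh_string(blob: bytes, offset: int = 0):
    """Read one wire-format string from blob at offset; return (bytes, next_offset)."""
    if len(blob) < offset + 4:
        raise ValueError("truncated length prefix")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    start, end = offset + 4, offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated string body")
    return blob[start:end], end


def _take_field(text: str):
    """Split off the first whitespace-separated field, honouring double quotes so an
    options field such as command="echo hi",no-pty is not cut at the embedded space."""
    in_quotes = False
    i = 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and in_quotes:
            i += 2  # skip a backslash-escaped character inside quotes
            continue
        if ch == '"':
            in_quotes = not in_quotes
        elif ch in " \t" and not in_quotes:
            break
        i += 1
    return text[:i], text[i:].lstrip(" \t")


def parse_public_key_line(line: str) -> dict:
    """Parse one line of the form [options] keytype base64-blob [comment].

    The comment is returned verbatim: "(none)" is a comment, an empty string means
    the line carried none.  The key type named inside the blob must match keytype."""
    line = line.strip()
    if not line or line.startswith("#"):
        raise ValueError("not a key line")
    first, rest = _take_field(line)
    if first in KNOWN_KEY_TYPES:
        options, keytype = None, first
    else:
        options = first
        keytype, rest = _take_field(rest)
        if keytype not in KNOWN_KEY_TYPES:
            raise ValueError(f"unknown key type {keytype!r}")
    b64, comment = _take_field(rest)
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key blob is not valid base64") from exc
    embedded_type, _ = read_ssh_string(blob)
    if embedded_type.decode("ascii", "replace") != keytype:
        raise ValueError(f"blob says {embedded_type!r}, line says {keytype!r}")
    return {"options": options, "keytype": keytype, "blob": blob, "comment": comment}


def build_key_line(keytype: str, blob: bytes, comment: str = "", options=None) -> str:
    """Inverse of parse_public_key_line, used here to construct sample lines."""
    fields = [] if options is None else [options]
    fields += [keytype, base64.b64encode(blob).decode("ascii")]
    if comment:
        fields.append(comment)
    return " ".join(fields)


# Constructed sample blob: type string followed by 32 arbitrary bytes.  Not a real key;
# it only exercises the wire format that the parser reads.
SAMPLE_ED25519_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))

SAMPLE_LINES = [
    build_key_line("ssh-ed25519", SAMPLE_ED25519_BLOB, "(none)"),
    build_key_line("ssh-ed25519", SAMPLE_ED25519_BLOB, "alice@example.org",
                   options='command="echo hi",no-pty'),
    build_key_line("ssh-ed25519", SAMPLE_ED25519_BLOB),
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        key = parse_public_key_line(sample)
        print(f"type={key['keytype']} options={key['options']!r} comment={key['comment']!r}")
```

Run it and the first line reports `comment='(none)'`, which is exactly the string ssh later echoes in "Offering RSA public key: (none)"; the third line, with no trailing field, reports an empty comment. Because the comment is never part of the base64 blob, nothing about it is authenticated, so it is only ever a label for humans, which is why a meaningful value such as a key id or primary uid is worth having.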