aes256-ctr not supported for private keys

[brohee]

Hi,

Newer OpenSSH versions seem to create private keys enciphered with aes256-ctr by default, at least for ed25519 keys, making them impossible to load with SSH.NET. Given than ssh-keygen doesn't provide a handy way to reencode the key, it's pretty annoying.

Stacktrace of an attempt at loading such a key:

Renci.SshNet.Common.SshException: cipher name aes256-ctr for openssh key file is not supported
   . Renci.SshNet.PrivateKeyFile.ParseOpenSshV1Key(Byte[] keyFileData, String passPhrase)
   . Renci.SshNet.PrivateKeyFile.Open(Stream privateKey, String passPhrase)
   . Renci.SshNet.PrivateKeyFile..ctor(Stream privateKey, String passPhrase)

[darinkes]

This PR includes this: #614

[MAGICCC]

Seems we need to have a release so other programs can update their dependencies against the new release

[lilhoser]

When will this fix be available?

[darkoperator]

No nuget released announced yet, but you can git pull and conpile

…

Sent from my iPhone

On Jan 7, 2022, at 5:35 PM, lilhoser ***@***.***> wrote:  When will this fix be available? — Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android. You are receiving this because you are subscribed to this thread.

[kcadduk]

I don't suppose you have an update on the next release to fix this issue?

[Dean-NC]

I'm using the main branch (version 2020.0.1) so I also get this error. I know it's fixed in the develop branch, but I decided to not use a password on the key right now, which avoids the error. Hopefully a new main release will get put out soon.

[icedream]

This specific cipher is currently not implemented in the case of decrypting OpenSSH V1 keys:

https://github.com/sshnet/SSH.NET/blob/2020.0.2/src/Renci.SshNet/PrivateKeyFile.cs#L427-L455

The code simply assumes the encryption is either aes256-cbc or non-existent, otherwise it fails. So someone needs to implement aes256-ctr (and preferably other possible ciphers for this case).

[MAGICCC]

If you want to use ed25519 keys you may change the encryption cipher using the -Z parameter

-Z cipher
Specifies the cipher to use for encryption when writing an OpenSSH-format private key file. The list of available ciphers may be >obtained using "ssh -Q cipher". The default is “aes256-ctr”.

ssh-keygen -t ed25519 -b 384 -C "<comment>" -f <output_keyfile> -Z aes256-cbc

[ming86]

If you want to use ed25519 keys you may change the encryption cipher using the -Z parameter

-Z cipher
Specifies the cipher to use for encryption when writing an OpenSSH-format private key file. The list of available ciphers may be >obtained using "ssh -Q cipher". The default is “aes256-ctr”.

ssh-keygen -t ed25519 -b 384 -C "<comment>" -f <output_keyfile> -Z aes256-cbc

If you want to change passphrase and cipher of an existing ed25519 key

ssh-keygen -f <private_keyfile> -p -Z aes256-cbc

enter the passphrase as prompts.

[tparikka]

Is there a release date planned for this fix?

[Dean-NC]

I think a release should be made. It's been a while.

[nandostyle]

So basically, you have to force the cipher to be aes256-cbc?

[Rob-Hague]

Fixed by #614 which is in the 2023.0.0 release