GNOME Bugzilla – Bug 750986
unable to handle ssh keys with PBKDF
Last modified: 2018-03-09 15:35:48 UTC
***Reposted from https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1464296 as requested in Ubuntu Launchpad***

Today I wanted to upgrade the security of my SSH keys to use PBKDF. After struggling with ssh-agent I realised that either Gnome Keyring was unable to handle the new ssh key or it was a problem with ssh-agent. After troubleshooting historic bugs with ssh-agent I was unable to make it work. It always returned the error "Agent admitted failure to sign using the key on big endian machines".

The problem seems to be that Gnome Keyring is unable to handle the complex newly encoded passphrase.

Steps to reproduce:

1. Create an SSH key with PBKDF
     ssh-keygen -b 4096 -o -a 500
2. Either overwrite or create new keys with default identity id_rsa
3. Protect it with a strong password (256-Bit Hex Key)
4. Delete previous keys stored by ssh-agent
     ssh-add -D (for manual entries)
     ssh-add -d (for automatic entries)
5. Reset ssh-agent to be extra confident that ssh-agent is not storing anything in memory
     killall ssh-agent; eval `ssh-agent`
6. Add the new key
     ssh-add
7. You may get an error when trying to use keys to ssh a server saying "Agent admitted failure to sign using the key on big endian machines"

Disabling ssh-agent means that I'm able to input password in console and use my private key. I can then log in to my server OK. So I don't think there are problems with the generation of keys either.

About my machine: Ubuntu 15.04
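
Added example, not part of the original report and not gnome-keyring or OpenSSH code: the ssh-keygen -o -a 500 command in step 1 writes the key in OpenSSH's newer openssh-key-v1 container, whose header names the cipher, the KDF and its round count. The sketch below reads that header so you can confirm which container a key file uses when diagnosing an agent that fails on it; the function names and the sample key are constructed for illustration.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"  # auth magic at the start of the decoded blob

def _u32(buf, off):
    if off + 4 > len(buf):
        raise ValueError("truncated key blob")
    return struct.unpack_from(">I", buf, off)[0], off + 4

def _string(buf, off):
    n, off = _u32(buf, off)           # SSH "string": uint32 length + bytes
    if off + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off:off + n], off + n

def describe_private_key(pem_text):
    """Return format, cipher, KDF name and KDF rounds of a private key file."""
    lines = [l.strip() for l in pem_text.strip().splitlines()]
    if len(lines) < 3 or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM-armoured key")
    if lines[0] != "-----BEGIN OPENSSH PRIVATE KEY-----":
        # Legacy PEM container (e.g. "RSA PRIVATE KEY"): no bcrypt KDF header.
        return {"format": "legacy-pem", "cipher": None, "kdf": None, "rounds": None}
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("bad magic")
    cipher, pos = _string(blob, len(MAGIC))
    kdf, pos = _string(blob, pos)
    opts, pos = _string(blob, pos)
    rounds = None
    if kdf == b"bcrypt":              # kdfoptions = string salt, uint32 rounds
        _salt, p = _string(opts, 0)
        rounds, _ = _u32(opts, p)
    return {"format": "openssh-key-v1", "cipher": cipher.decode(),
            "kdf": kdf.decode(), "rounds": rounds}

def constructed_sample(rounds=500):
    """Constructed header with filler key material; not a usable key."""
    s = lambda b: struct.pack(">I", len(b)) + b
    opts = s(b"\x00" * 16) + struct.pack(">I", rounds)
    blob = (MAGIC + s(b"aes256-cbc") + s(b"bcrypt") + s(opts)
            + struct.pack(">I", 1) + s(b"filler-public") + s(b"filler-private"))
    b64 = base64.b64encode(blob).decode()
    body = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"

if __name__ == "__main__":
    print(describe_private_key(constructed_sample()))
```

To check a real key, pass the text of the private key file (for example the default id_rsa) to describe_private_key; only the unencrypted header is read, so no passphrase is needed.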
gnome-keyring should just wrap stock ssh-agent to solve this problem: https://bugzilla.gnome.org/show_bug.cgi?id=775981