Bug 7760 - It is not possible to authenticate with publickey from Windows if private key contains CRLF
Summary: It is not possible to authenticate with publickey from Windows if private key...
Status: NEW
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Client (show other bugs)
Version: trunk
Hardware: PC Unknown
: P2 Normal
Target Milestone: LowPrio
Assignee: Bugzilla mail exporter
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-09-02 14:12 CEST by Martin Östlund
Modified: 2021-09-07 12:35 CEST (History)
1 user (show)

See Also:
Acceptance Criteria:
User should be able to use key file containing CRLF for authentication.


Attachments

Description Martin Östlund cendio 2021-09-02 14:12:59 CEST
Description
========
When using Thinlinc native client on Windows platform and using public key authentication, login can fail if the format of the private key is wrong, i.e containing CRLF instead of LF.

CRLF is Carriage Return Line Feed, and is newline in Windows format. While on Linux it's only Line Feed.

How to trigger
===============
This can happen if a user for example has generated a private key on some other system, and then copy + paste this key to notepad and saves it to disk, and then refer to this key in Thinlinc client.

tlclient.log on a 4.12.1 client
================================
2021-09-02T13:50:13: Log file created
2021-09-02T13:50:13: ThinLinc client release 4.12.1 build 6733
...
2021-09-02T13:50:22: ssh[E]: Load key "C:\\Users\\cendio.LAB\\.ssh\\id_rsa": invalid format
2021-09-02T13:50:22: ssh[E]: debug1: No more authentication methods to try.

tlclient.log on a 4.13.0 client
================================
2021-09-02T13:56:48: Log file created for ThinLinc client running on process 5980
2021-09-02T13:56:48: ThinLinc client release 4.13.0 build 2172
...
2021-09-02T14:00:27: ssh[E]: Load key "C:\\Users\\cendio.LAB\\.ssh\\id_rsa": file changed while reading
2021-09-02T14:00:27: ssh[E]: debug1: No more authentication methods to try.

Work around
================================
Either a) generate the keypair directly on Windows using ssh-keygen, or b) transfer your private key by some other means than copy + pasting into notepad or other product that will introduce CRLF endings. c) It might be possible to replace CRLF with LF in some 3rd party utilities such as Notepad++

Expected result
================================
This should work. We (Our OpenSSH implementation) should probably detect that the private key contains CRLF and respect this...
Comment 2 Pierre Ossman cendio 2021-09-02 14:18:32 CEST
(In reply to Martin Östlund from comment #0)
> 2021-09-02T14:00:27: ssh[E]: Load key "C:\\Users\\cendio.LAB\\.ssh\\id_rsa":
> file changed while reading

This very odd error message is explained by the fact that ssh compares the size on disk (fstat()) with how many bytes it actually read. And Windows will magically convert CRLF to LF when reading the file, meaning the data read is a few bytes less than the actual size.

This code was present in 4.12.1 as well, so it's very odd that we are getting different error messages.

Note You need to log in before you can comment on or make changes to this bug.