Seahorse "Invalid file format" when importing key

fukawi2 · 08-19-2009, 06:18 PM

Can someone help me out with why I can't import one of my SSH keys in to Seahorse? I get the following error when I try:

Quote:

Couldn't import keys
file:///home/fukawi2/.ssh/privatekey_nwb.dsa: invalid file format

Without posting my private key, here's the format:

Quote:

-----BEGIN DSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,F44490FC03F38597

<KEY GOES HERE>
-----END DSA PRIVATE KEY-----

Opening this key using ssh-add works fine, but that's getting annoying having to do that everytime I login.

Gnome 2.26 w/ Seahorse 2.26.2

jschiwal · 08-21-2009, 08:28 AM

How did you generate this key? The filename & format look foreign.

Code:

I generated a temporary key for this post using "ssh-keygen -t dsa -b 1024".
The ssh-keygen program can import some keys from commercial products and convert them to an ssh2 format.

fukawi2 · 08-23-2009, 06:12 PM

I tried this, redirecting to a new file but the new file still can't be imported because of the same error.

Code:

fukawi2 ~  $ ssh-keygen -e -f .ssh/privatekey_nwb.dsa 
Enter passphrase: 
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "2048-bit DSA, converted from OpenSSH by fukawi2@desktop"
AAAAB3Nza<REST OF KEY HERE>
---- END SSH2 PUBLIC KEY ----

EDIT: the key was generated for me by my boss who manages all that stuff...

jschiwal · 08-24-2009, 04:17 AM

I generated another temp dsa key. The form looks just like the one from your original post.

Look at the default .xinitrc file, possibly from /etc/skel/.xinitrc-sample.

Code:

# run Xmodmap settings
xmodmap $HOME/.Xmodmap

#
# Uncomment next lines to activate asking for ssh passphrase
#
# if test -S "$SSH_AUTH_SOCK" -a -x "$SSH_ASKPASS"; then
#       ssh-add < /dev/null
# fi

#
# Add your own lines here...
#

This will allow you to enter the passphrase once when you log in to any destop environment you have setup.
If you use gdm or xdm, grep the config files for ssh-agent or usessh. This would allow you to run ssh-add when you log in and not need to do it again every time you open a new terminal. I had tried putting similar code in .profile but for some reason, I would be prompted twice.

fukawi2 · 08-24-2009, 04:20 AM

I don't think so -- everything we do / use is Linux-based. We have our own internal distribution based off FC6 and AFAIK it's just standard OpenSSL / OpenSSH. I'll check with him though.

jschiwal · 08-24-2009, 05:09 AM

Sorry, I discovered my own post was wrong and changed it on you.
It looks like seahorse doesn't handle the ssh-agent key. Using ssh-agent on login should work out just as well.

fukawi2 · 08-24-2009, 06:36 PM

Thanks -- I didn't have an .xinitrc so I copied from /etc/skel/ but it didn't have anything about SSH ask pass. I've copied and pasted from your post so I'll see how that goes

jschiwal · 08-26-2009, 02:37 AM

I don't know if this will help, but here is the pstree output leading to ssh-agent on my laptop.

Code:

|-kdm-+-Xorg
     |     `-kdm---startkde-+-gpg-agent
     |                      |-kwrapper4
     |                      `-ssh-agent

A fragment of startkde

Code:

# Source scripts found in <localprefix>/env/*.sh and <prefixes>/env/*.sh
# (where <localprefix> is $KDEHOME or ~/.kde, and <prefixes> is where KDE is installed)
#
# This is where you can define environment variables that will be available to
# all KDE programs, so this is where you can run agents using e.g. eval `ssh-agent`
# or eval `gpg-agent --daemon`.
# Note: if you do that, you should also put "ssh-agent -k" as a shutdown script
#
# (see end of this file).
# For anything else (that doesn't set env vars, or that needs a window manager),
# better use the Autostart folder.

When you manually use ssh-add, you might do this:
eval $(ssh-agent)
ssh-add

The ssh-add program uses environmental variables set for the session.
ssh-agent needs to be run before ssh-add.

Also look in /etc/X11/xdm/sys.xsession. Your system may source it even if xdm isn't used. It has options for ssh, gpg and even has notes about seahorse.

Code:

#
# If ssh is configured and ssh-agent is wanted set "yes"
#
usessh=yes

#
# If gpg is configured and gpg-agent is wanted set "yes"
#
usegpg=yes

Your mileage may vary of course. Startup and configuration scripts vary by distribution. It would be a good idea to grep for the terms "ssh", "ssh-agent", "ssh-add" and "seahorse" for files in /etc/, and running pstree to get a picture on how processes are started when you log in.