ssh-add results in invalid format

[theking2]

trafficstars

Prerequisites

• [X] Write a descriptive title.
• [X] Make sure you are able to repro it on the latest version
• [X] Search the existing issues.

Steps to reproduce

ssh-add

Expected behavior

should add the created keys to ssh-agent

Actual behavior

results in a invalid format:

Could not add identity "D:\Users\Johannes/.ssh/id_rsa": invalid format
Could not add identity "D:\Users\Johannes/.ssh/id_ed25519": invalid format

Error details

>Get-Service ssh-agent


Status   Name               DisplayName
------   ----               -----------
Running  ssh-agent          OpenSSH Authentication Agent

Furthermore:

ssh-add -l

error fetching identities: invalid format

### Environment data

```PowerShell
Name                           Value
----                           -----
PSVersion                      5.1.19041.4648
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.19041.4648
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Version

OpenSSH_for_Windows_8.1p1, LibreSSL 3.0.2

Visuals

No response

[maertendMSFT]

@theking2, can you share your logs? When were these keys generated? Were they generated with Win32-OpenSSH?

You can get the logs by running the ssh-agent with the -ddd parameter.

• client side: run ssh-agent in debug mode
  • Stop-Service ssh-agent (if agent service is running)
  • ssh-agent.exe -ddd run via cmd or powershell
  • This will dump debug logs in real time to stdout on the console

[theking2]

As administrator

> ssh-agent -ddd
agent_start pid:20244, dbg:1

No other lines are written in another powershell:

> ssh-add .\id_email_example_com
Could not add identity ".\id_email_example_com": invalid format
> cat \id_email_example_com
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACBSRZn1EZ7AX9VnPmFT0eRnXlXVtD4p5i7vZxuIBugNOAAAAJio+jAzqPow
MwAAAAtzc2gtZWQyNTUxOQAAACBSRZn1EZ7AX9VnPmFT0eRnXlXVtD4p5i7vZxuIBugNOA
AAAEAPy7z35qhBjE+zSgwGkjF9VJQ/EhS7NSDMZEiwECDOAVJFmfURnsBf1Wc+YVPR5Gde
VdW0PinmLu9nG4gG6A04AAAAEWVtYWlsQGV4YW1wbGUuY29tAQIDBA==
-----END OPENSSH PRIVATE KEY-----

The key has a single trailing 0x0A. Format-hex .\id_email_example_com:

00000000   2D 2D 2D 2D 2D 42 45 47 49 4E 20 4F 50 45 4E 53  -----BEGIN OPENS
00000010   53 48 20 50 52 49 56 41 54 45 20 4B 45 59 2D 2D  SH PRIVATE KEY--
00000020   2D 2D 2D 0A 62 33 42 6C 62 6E 4E 7A 61 43 31 72  ---.b3BlbnNzaC1r
00000030   5A 58 6B 74 64 6A 45 41 41 41 41 41 42 47 35 76  ZXktdjEAAAAABG5v
00000040   62 6D 55 41 41 41 41 45 62 6D 39 75 5A 51 41 41  bmUAAAAEbm9uZQAA
00000050   41 41 41 41 41 41 41 42 41 41 41 41 4D 77 41 41  AAAAAAABAAAAMwAA
00000060   41 41 74 7A 63 32 67 74 5A 57 0A 51 79 4E 54 55  AAtzc2gtZW.QyNTU
00000070   78 4F 51 41 41 41 43 42 53 52 5A 6E 31 45 5A 37  xOQAAACBSRZn1EZ7
00000080   41 58 39 56 6E 50 6D 46 54 30 65 52 6E 58 6C 58  AX9VnPmFT0eRnXlX
00000090   56 74 44 34 70 35 69 37 76 5A 78 75 49 42 75 67  VtD4p5i7vZxuIBug
000000A0   4E 4F 41 41 41 41 4A 69 6F 2B 6A 41 7A 71 50 6F  NOAAAAJio+jAzqPo
000000B0   77 0A 4D 77 41 41 41 41 74 7A 63 32 67 74 5A 57  w.MwAAAAtzc2gtZW
000000C0   51 79 4E 54 55 78 4F 51 41 41 41 43 42 53 52 5A  QyNTUxOQAAACBSRZ
000000D0   6E 31 45 5A 37 41 58 39 56 6E 50 6D 46 54 30 65  n1EZ7AX9VnPmFT0e
000000E0   52 6E 58 6C 58 56 74 44 34 70 35 69 37 76 5A 78  RnXlXVtD4p5i7vZx
000000F0   75 49 42 75 67 4E 4F 41 0A 41 41 41 45 41 50 79  uIBugNOA.AAAEAPy
00000100   37 7A 33 35 71 68 42 6A 45 2B 7A 53 67 77 47 6B  7z35qhBjE+zSgwGk
00000110   6A 46 39 56 4A 51 2F 45 68 53 37 4E 53 44 4D 5A  jF9VJQ/EhS7NSDMZ
00000120   45 69 77 45 43 44 4F 41 56 4A 46 6D 66 55 52 6E  EiwECDOAVJFmfURn
00000130   73 42 66 31 57 63 2B 59 56 50 52 35 47 64 65 0A  sBf1Wc+YVPR5Gde.
00000140   56 64 57 30 50 69 6E 6D 4C 75 39 6E 47 34 67 47  VdW0PinmLu9nG4gG
00000150   36 41 30 34 41 41 41 41 45 57 56 74 59 57 6C 73  6A04AAAAEWVtYWls
00000160   51 47 56 34 59 57 31 77 62 47 55 75 59 32 39 74  QGV4YW1wbGUuY29t
00000170   41 51 49 44 42 41 3D 3D 0A 2D 2D 2D 2D 2D 45 4E  AQIDBA==.-----EN
00000180   44 20 4F 50 45 4E 53 53 48 20 50 52 49 56 41 54  D OPENSSH PRIVAT
00000190   45 20 4B 45 59 2D 2D 2D 2D 2D 0A                 E KEY-----.

[theking2]

Formatted as a single line (removing all but the last 0x0A) has the same result. Removing all 0x0A has the same result.

[theking2]

Removed an reinstalled OpenSSH-client from Settings/Optional

[theking2]

> Get-Command ssh-add

CommandType     Name                                               Version    Source
-----------     ----                                               -------    ------
Application     ssh-add.exe                                        8.1.0.1    C:\Windows\System32\OpenSSH\ssh-add.exe

> Get-Command ssh-agent

CommandType     Name                                               Version    Source
-----------     ----                                               -------    ------
Application     ssh-agent.exe                                      8.1.0.1    C:\Windows\System32\OpenSSH\ssh-agent.exe

[theking2]

Mystery solved.

From another agent there was a left-over system environment variable SSL_AUTH_SOCK. It almost looks like either ssh-agent or ssh-add does not observe this variable. I believe ssh-agent creates named pipe openssh-ssh-agent regardless of the setting of SSH_AUTH_SOCK. This could be considered as a bug. Both ssh-agent and ssh-add should use the same named pipe.

Suggestion

In the bug report include a section to provide the current system environment variables as the output of [System.Environment]::GetEnvironmentVariables([System.EnvironmentVariableTarget]::Machine) or perhaps Get-Content or simply Get-Content Env:SSH_AUTH_SOCK. For better trouble shooting

[theking2]

I reopen as I made a suggestion that could be included in the bug template