Bug#579274: seahorse: Segfaults when importing ssh key with passphrase.

Sat Mar 12 06:13:05 UTC 2011

Seahorse lets you put SSH keys into what it shows in the "My Personal 
Keys" section in its GUI.  But if you try to import a private SSH key 
into there using File/Import, telling it the name of an id_rsa file, it 
crashes with this sort of error message as already encountered by Philipp:

Mar 11 23:15:29 hostname kernel: [ 1470.159790] seahorse[4899]: segfault 
at 100 ip 0000000000473b60 sp 00007fff6cac30a0 error 4 in 
seahorse[400000+ac000]

Which I'm still seeing in a current Squeeze.  I built a package with 
debugging symbols and generated a backtrace of the problem:

Program received signal SIGSEGV, Segmentation fault.
0x0000000000473b78 in seahorse_ssh_key_data_parse (data=<value optimized 
out>,
     public_cb=<value optimized out>, secret_cb=0x46ed20 
<import_private_key>, arg=0x7fffffffd260)
     at seahorse-ssh-key-data.c:245
245            for (; *line && g_ascii_isspace (*line); line++)
(gdb) bt
#0  0x0000000000473b78 in seahorse_ssh_key_data_parse (data=<value 
optimized out>,
     public_cb=<value optimized out>, secret_cb=0x46ed20 
<import_private_key>, arg=0x7fffffffd260)
     at seahorse-ssh-key-data.c:245
#1  0x000000000046ecef in seahorse_ssh_source_import (sksrc=<value 
optimized out>,
     input=<value optimized out>) at seahorse-ssh-source.c:523
#2  0x000000000042690a in import_files (self=0x719800, 
uris=0x7fffffffd2f0) at seahorse-key-manager.c:453
#3  0x0000000000426a9a in import_prompt (self=0x719800) at 
seahorse-key-manager.c:489
...

The code it's executing there is:

/* Skip leading whitespace. */
for (; *line && g_ascii_isspace (*line); line++)
   ;

My backtrace doesn't show the data it's importing.  But you can see it 
choking on the private key in some of the dupes of this obviously 
upstream bug floating around, like 
https://bugzilla.redhat.com/show_bug.cgi?id=573744  (Note that this 
problem is also at 
https://bugs.launchpad.net/ubuntu/+source/seahorse/+bug/611044 , which 
is listed as a dupe of a private bug I can't see so I'm not sure what's 
there.  This sort of thing is why I'm migrating away from Ubuntu.)

Now, as far as I can tell after more investigation this never was 
expected to work.  The import feature is for PGP keys, not SSH ones.  
The right procedure for importing SSH ones is to just copy them with 
unique names into the .ssh directory, at which point Seahorse lists them 
in the personal keys area.  See 
https://bugzilla.gnome.org/show_bug.cgi?id=617770 for notes on this, 
that's the feature request ticket for making the import work properly.  
The related bug #579275 here is probably from this same issue, it just 
doesn't segfault in that code path.

This is a frustrating bug for those new to seahorse, because rather than 
getting an error message like "you can't import a private SSH key" it 
just crashes mysteriously instead.  And the workaround of copying the 
SSH keys into the .ssh directory doesn't seem to be very well 
documented.  Given how many copies of this bug report there are around 
with no resolution, it's neither a problem unique to me nor one that's 
been investigated very well.

Not sure what should be done in Debian to address it though.  Having 
gone through all this research, I wanted to publish the report to make 
it easier to discover the source of this problem, and so the workaround 
is easier to find.