bugzilla-daemon at mindrot.org
2005-Dec-20 11:10 UTC
[Bug 1138] Passphrase asked for (but ignored) if key file permissions too liberal.
http://bugzilla.mindrot.org/show_bug.cgi?id=1138 Summary: Passphrase asked for (but ignored) if key file permissions too liberal. Product: Portable OpenSSH Version: 4.2p1 Platform: PPC OS/Version: Linux Status: NEW Severity: minor Priority: P1 Component: ssh-add AssignedTo: bitbucket at mindrot.org ReportedBy: hodgestar at gmail.com When attempting to add a key with ssh-add, ssh-add prints a nice big error message if the key files permissions are too liberal. However, it then proceeds to ask the user for a passphrase for the key. The passphrase is ignored and even a correct passphrase will result in "Bad passphrase, try again". This behaviour is damn confusing. :) Unless there is a good security reason for keeping it, it would be nice to have ssh-add not ask for the passphrase at all if the key is being ignored. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2005-Dec-20 12:56 UTC
[Bug 1138] Passphrase asked for (but ignored) if key file permissions too liberal.
http://bugzilla.mindrot.org/show_bug.cgi?id=1138 ------- Comment #1 from dtucker at zip.com.au 2005-12-20 23:56 ------- Created an attachment (id=1049) --> (http://bugzilla.mindrot.org/attachment.cgi?id=1049&action=view) Check perms on key files and bail early if bad That behaviour is a side effect of the way ssh-add will try several times to load each key (first with no passphrase, then with the previously supplied passphrase then finally with the user-supplied passphrase). The attached patch ought to fix this. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2005-Dec-20 13:55 UTC
[Bug 1138] Passphrase asked for (but ignored) if key file permissions too liberal.
http://bugzilla.mindrot.org/show_bug.cgi?id=1138 ------- Comment #2 from hodgestar at gmail.com 2005-12-21 00:55 ------- Thanks Darren! I've applied the patch and recompiled and everything seems good. :) ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
Reasonably Related Threads
- ssh-agent asking for passphrase on non-keyed connections
- [PATCH] regression of comment extraction in private key file without passphrase
- [Bug 557] scp over ssh-relay insists in asking passphrase
- launch ssh-add with a passphrase as parameter
- passphrase for non existent key?