bugzilla-daemon at mindrot.org
2005-Dec-20 11:10 UTC
[Bug 1138] Passphrase asked for (but ignored) if key file permissions too liberal.
http://bugzilla.mindrot.org/show_bug.cgi?id=1138
Summary: Passphrase asked for (but ignored) if key file
permissions too liberal.
Product: Portable OpenSSH
Version: 4.2p1
Platform: PPC
OS/Version: Linux
Status: NEW
Severity: minor
Priority: P1
Component: ssh-add
AssignedTo: bitbucket at mindrot.org
ReportedBy: hodgestar at gmail.com
When attempting to add a key with ssh-add, ssh-add prints a nice big error
message if the key files permissions are too liberal. However, it then
proceeds to ask the user for a passphrase for the key. The passphrase is
ignored and even a correct passphrase will result in "Bad passphrase, try
again".
This behaviour is damn confusing. :) Unless there is a good security reason for
keeping it, it would be nice to have ssh-add not ask for the passphrase at all
if the key is being ignored.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2005-Dec-20 12:56 UTC
[Bug 1138] Passphrase asked for (but ignored) if key file permissions too liberal.
http://bugzilla.mindrot.org/show_bug.cgi?id=1138 ------- Comment #1 from dtucker at zip.com.au 2005-12-20 23:56 ------- Created an attachment (id=1049) --> (http://bugzilla.mindrot.org/attachment.cgi?id=1049&action=view) Check perms on key files and bail early if bad That behaviour is a side effect of the way ssh-add will try several times to load each key (first with no passphrase, then with the previously supplied passphrase then finally with the user-supplied passphrase). The attached patch ought to fix this. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2005-Dec-20 13:55 UTC
[Bug 1138] Passphrase asked for (but ignored) if key file permissions too liberal.
http://bugzilla.mindrot.org/show_bug.cgi?id=1138 ------- Comment #2 from hodgestar at gmail.com 2005-12-21 00:55 ------- Thanks Darren! I've applied the patch and recompiled and everything seems good. :) ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
Apparently Analagous Threads
- ssh-agent asking for passphrase on non-keyed connections
- [PATCH] regression of comment extraction in private key file without passphrase
- [Bug 557] scp over ssh-relay insists in asking passphrase
- launch ssh-add with a passphrase as parameter
- passphrase for non existent key?