bugzilla-daemon at bugzilla.mindrot.org
2017-Mar-27 06:12 UTC
[Bug 2700] New: Missing PEM identity_file should be a fatal error
https://bugzilla.mindrot.org/show_bug.cgi?id=2700

Bug ID: 2700
Summary: Missing PEM identity_file should be a fatal error
Product: Portable OpenSSH
Version: 7.2p2
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: jg at jguk.org

ssh -i "me.pem" ubuntu at myserver33.net
Warning: Identity file me.pem not accessible: No such file or directory.
Permission denied (publickey).

I can see there is a 3 second wait before the "Permission denied (publickey)." which is the connection to the myserver33.net

My thought is that this should be a fatal error, not just a warning.

Another note, the error is not accurate, as only a file is expected.
ie if open() on the file fails, errno is ENOENT, then it should say "No such file"

"Identity file me.pem not accessible: No such file."

Thank you, Jonny

--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2017-Mar-27 06:36 UTC
[Bug 2700] Missing PEM identity_file should be a fatal error
https://bugzilla.mindrot.org/show_bug.cgi?id=2700

Darren Tucker <dtucker at zip.com.au> changed:

What    |Removed    |Added
----------------------------------------------------------------------------
CC      |           |dtucker at zip.com.au

--- Comment #1 from Darren Tucker <dtucker at zip.com.au> ---
(In reply to jg from comment #0)
> ssh -i "me.pem" ubuntu at myserver33.net
[...]
> My thought is that this should be a fatal error, not just a warning.

Well the connection may be able to succeed via some other key (eg from an agent) or via another auth method (the client doesn't know what methods the server will offer when it's parsing options).

As for whether a missing/unreadable key file should be a fatal error, I'm not sure. I can imagine it breaking otherwise working configs.

> Another note, the error is not accurate, as only a file is expected.
> ie if open() on the file fails, errno is ENOENT, then it should say
> "No such file"

ENOENT is not that specific. If you specify a non-existent directory (eg -i "/no/such/id") in which case that message would be wrong.
bugzilla-daemon at bugzilla.mindrot.org
2017-Mar-27 06:57 UTC
[Bug 2700] Missing PEM identity_file should be a fatal error
https://bugzilla.mindrot.org/show_bug.cgi?id=2700

--- Comment #2 from jg at jguk.org ---
Hi Darren

Thank you for your reply. Yes, working configurations that still work after a missing identity_file are specifically provided are impacted. I think if someone specifies a file, it is expected to find it.. so let's change it to fatal?

Re if a directory is specified, eg "my_dir" I think "Identity file my_dir not accessible: No such file." is still accurate isn't it?

can use stat() to check if it is a file or dir, S_ISDIR etc, if really needed to give a secondary message to say:
"Identity file my_dir not accessible: Is a directory."

Other tools do handle correctly this situation:

$ objdump -d missing_file
objdump: 'missing_file': No such file
$ objdump -d my_dir
objdump: Warning: 'my_dir' is not an ordinary file

Added it to my blog
http://technoramauk.blogspot.com/2017/03/enoent-no-such-file-or-directory.html
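The ENOENT ambiguity raised in comment #1 and the stat()/S_ISDIR check proposed in comment #2, worked through as an added example; it is not part of the thread and not OpenSSH code. The names classify_identity, id_status and id_reason are hypothetical, and the example goes slightly beyond the thread by also rejecting FIFOs and device nodes and by calling fstat() on the opened descriptor instead of stat() on the path.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <libgen.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical result codes for this example; not OpenSSH identifiers. */
enum id_status { ID_OK, ID_NO_FILE, ID_NO_DIR, ID_IS_DIR, ID_NOT_REGULAR, ID_OTHER };

static const char *const id_reason[] = {
    "ok", "No such file", "No such directory", "Is a directory",
    "Not a regular file", "Not accessible"
};

/* Open first, then fstat() the descriptor, so the answer describes the object
 * actually opened (no window between a stat() check and the open()). */
enum id_status classify_identity(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NONBLOCK | O_NOCTTY);

    if (fd == -1) {
        if (errno != ENOENT)
            return errno == ENOTDIR ? ID_NO_DIR : ID_OTHER;
        /* ENOENT alone is ambiguous: see whether the parent directory exists. */
        char *copy = strdup(path);
        if (copy == NULL)
            return ID_OTHER;
        int parent_ok = stat(dirname(copy), &st) == 0;
        free(copy);
        return parent_ok ? ID_NO_FILE : ID_NO_DIR;
    }
    enum id_status r = ID_OTHER;
    if (fstat(fd, &st) == 0)
        r = S_ISDIR(st.st_mode) ? ID_IS_DIR : S_ISREG(st.st_mode) ? ID_OK : ID_NOT_REGULAR;
    close(fd);
    return r;
}

/* Pre-flight check: a non-zero exit lets a calling script treat the problem as fatal. */
int main(int argc, char **argv)
{
    enum id_status s = argc > 1 ? classify_identity(argv[1]) : ID_OTHER;
    if (s != ID_OK)
        fprintf(stderr, "Identity file %s not accessible: %s.\n",
                argc > 1 ? argv[1] : "(none)", id_reason[s]);
    return s != ID_OK;
}
```

Run before ssh in a script, the non-zero exit status gives the fail-closed behaviour the reporter asked for without changing how ssh itself treats a missing identity file.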
bugzilla-daemon at bugzilla.mindrot.org
2018-Apr-06 02:31 UTC
[Bug 2700] Missing PEM identity_file should be a fatal error
https://bugzilla.mindrot.org/show_bug.cgi?id=2700

Damien Miller <djm at mindrot.org> changed:

What        |Removed    |Added
----------------------------------------------------------------------------
Status      |NEW        |RESOLVED
CC          |           |djm at mindrot.org
Resolution  |---        |WONTFIX

--- Comment #3 from Damien Miller <djm at mindrot.org> ---
We prefer the current behaviour for the reasons that Darren mentioned and don't intend to change it.
bugzilla-daemon at mindrot.org
2021-Apr-23 05:03 UTC
[Bug 2700] Missing PEM identity_file should be a fatal error
https://bugzilla.mindrot.org/show_bug.cgi?id=2700

Damien Miller <djm at mindrot.org> changed:

What        |Removed    |Added
----------------------------------------------------------------------------
Status      |RESOLVED   |CLOSED

--- Comment #4 from Damien Miller <djm at mindrot.org> ---
closing resolved bugs as of 8.6p1 release