James Keener
2014-Jul-18  23:17 UTC
Read-only on /dev/tty causes ssh-add to show passwords when typed and ssh'ing to new hosts to fail
When permissions on /dev/tty are crw------- and owner root:root, ssh-add will echo passwords to the terminal (sudo does not) and ssh fails with a "Host key verification failed." error.

ssh -v -v -v provided a "debug1: read_passphrase: can't open /dev/tty: Permission denied" which is how I figured out that /dev/tty had weird permission issues.

I would have expected that error to print without needing the -v option and ssh-add to fail so that my password would not show (or use another method, if possible).

This happens with binaries compiled from source from openssh-6.6p1 obtained from http://openbsd.mirrors.pair.com/OpenSSH/portable/openssh-6.6p1.tar.gz

Thank you,
Jim Keener
Damien Miller
2014-Jul-20  10:01 UTC
Read-only on /dev/tty causes ssh-add to show passwords when typed and ssh'ing to new hosts to fail
On Fri, 18 Jul 2014, James Keener wrote:

> When permissions on /dev/tty are crw------- and owner root:root, ssh-add
> will echo passwords to the terminal (sudo does not) and ssh fails with a
> "Host key verification failed." error.

I would expect that ssh can't successfully issue termios calls to turn off tty echo when /dev/tty isn't writable to the user. sudo will work because it is setuid root.

There isn't much ssh can do with bad permissions on /dev/tty.

-d
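
The behaviour the report asks for, a prompt that refuses to read a secret when it cannot open the terminal and turn echo off, can be sketched in C as follows. This is an added example, not OpenSSH's read_passphrase() and not code from either poster; read_secret_from and its parameters are hypothetical names.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>

/* Hypothetical helper (added example, not OpenSSH code): prompt on the
 * terminal device `ttypath` and read one line into buf. Returns 0 on success,
 * -1 if the device cannot be opened read/write or echo cannot be disabled. */
int read_secret_from(const char *ttypath, const char *prompt,
                     char *buf, size_t len)
{
    struct termios saved, quiet;
    size_t used = 0;
    ssize_t n;
    int fd, rc = -1;
    char c;
    if (len == 0)
        return -1;
    buf[0] = '\0';
    if ((fd = open(ttypath, O_RDWR | O_NOCTTY)) == -1) {
        perror(ttypath);              /* reported without any -v flag */
        return -1;
    }
    if (tcgetattr(fd, &saved) == -1)  /* not a terminal: refuse to prompt */
        goto out;
    quiet = saved;
    quiet.c_lflag &= ~(tcflag_t)(ECHO | ECHONL);
    /* tcsetattr() can succeed after a partial change, so re-read and verify. */
    if (tcsetattr(fd, TCSAFLUSH, &quiet) == 0 &&
        tcgetattr(fd, &quiet) == 0 && !(quiet.c_lflag & ECHO) &&
        write(fd, prompt, strlen(prompt)) != -1) {
        while ((n = read(fd, &c, 1)) == 1 && c != '\n')
            if (used + 1 < len)
                buf[used++] = c;
        buf[used] = '\0';
        rc = (n == 1) ? 0 : -1;       /* EOF or read error counts as failure */
    }
    tcsetattr(fd, TCSAFLUSH, &saved); /* always restore the saved settings */
out:
    close(fd);
    return rc;
}

int main(void)
{
    char pw[128];
    return read_secret_from("/dev/tty", "Passphrase: ", pw, sizeof pw) ? 1 : 0;
}
```

With /dev/tty set to crw------- root:root as in the report, open() fails with EACCES for an unprivileged user and the helper returns -1 before any input is read.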