Displaying 20 results from an estimated 940 matches for "passphrase".
2012 Feb 18
6
Cannot mount encrypted filesystems.
...e_1/base/fsys_1_last
...
etc.
The intermediate "base" file systems
are there only to set attributes
to be inherited by all other file
systems in the same pool.
They were created with encryption
on, forcing all others to be encrypted.
The keysource for slice_?/base
was set to
"passphrase,prompt"
while creating the file systems.
Then I stored the keys (one key per
pool) in files in a subdirectory
of home/user1, and set keysource for
slice_0/base to
"passphrase,file:///export/home/user1/keys/key_0"
(Similarly for the other two pools)
So far so good.
Several weeks...
2004 Oct 19
2
launch ssh-add with a passphrase as parameter
Hello,
I have the following problem.
I have an application which is running and which has already request a
passphrase to the user.
This application needs to launch ssh agent and ssh add, but I do not want
to be prompt again for the passphrase.
My private key is of course encrypted with the passphrase.
How can I do ?
My only idea for the moment is to change the variable value of
ask_passphrase and to redirect it...
2014 Sep 02
2
making the passphrase prompt more clear
...rk with novice programmers, and one step that comes up
relatively early is generating SSH keys. In case you haven't done it
in a while, the output looks like this:
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/aidan/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
When that last step comes up, I am regularly asked, "Does it mean the
system password, or a new one?" A slight tweak of the language could
easily eliminate that confusion... something like "Enter passphrase
for the new key" or "Enter new passphr...
2023 Dec 16
0
[Bug 3644] New: Pass the number of attempt to SSH_ASKPASS
...Hardware: All
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: flafyarazi at gmail.com
I'm working on a script to make `ssh` request a passphrase from a
command of my choice instead of prompting me for a passphrase directly.
If the script doesn't find a passphrase through the command, it should
prompt me to input a passphrase.
Additionally, if the script got a passphrase from the command but the
passphrase was not correct, it should pr...
2008 May 13
4
Trick user to send private key password to compromised host
...onnecting to a remote ssh host with the standard linux openssh client
using a private key, that there is no line of text indicating when the
local key-passwd process was completed and the connection session was
established.
On a compromised host, the login shell could write the line 'Enter
passphrase for key 'guess the filename using the current account
name':'. If unnoticed, the user will think, that he misstyped the
passphrase and repeat it. After capturing the word, the login could
continue with the standard procedure (e.g. motd banner).
lg roman
2019 Aug 06
2
[PATCH v2] Remove sshkey_load_private()
...eygen.c | 20 +++++++++++---------
sshd.c | 5 +++--
4 files changed, 14 insertions(+), 50 deletions(-)
diff --git a/authfile.c b/authfile.c
index c28652c8bdf..6d86c2dd4c6 100644
--- a/authfile.c
+++ b/authfile.c
@@ -215,44 +215,6 @@ sshkey_load_private_type_fd(int fd, int type, const char *passphrase,
return r;
}
-/* XXX this is almost identical to sshkey_load_private_type() */
-int
-sshkey_load_private(const char *filename, const char *passphrase,
- struct sshkey **keyp, char **commentp)
-{
- struct sshbuf *buffer = NULL;
- int r, fd;
-
- if (keyp != NULL)
- *keyp = NULL;
- if (commen...
2020 Apr 25
2
[PATCH 1/3] Add private key protection information extraction to ssh-keygen
Add private key protection information extraction to shh-keygen using -v
option on top of -y option which is already parsing the private key.
Technically, the passphrase isn't necessary to do this, but it is the
most logical thing to do for me.
Adding this to -l option is not appropriate because fingerprinting is
using the .pub file when available.
An other idea is to add a new option, I can do it if you prefer.
Also, I'm laking information for informati...
2001 Nov 16
4
passphrase quality
>No. ssh-keygen should never be pamifed. It is worthless to do so.
>
>If we are going to enforce passphrase quality it should be for all OSes.
>The world does not revolve around Linux. No matter what the press may
>think.
The Linux community didn't invent PAM, Sun did. Many more systems
than Linux have PAM, Solaris, HP-UX some BSDs for a start.
Having said that I agree with the comment ssh-...
2004 Sep 27
1
Sending passphrase w/o keyboard interaction
I have an account where I have DSA key setup with a passphrase. I am trying
to write a script to ssh over to another Unix server, without having to type
in the passphrase and have ssh read the passphrase from either a file or
pass it in from the command line. Is there a way to do something like this?
I know that we can it so I don't need to enter a passp...
2004 Mar 24
5
[Bug 818] ssh-keygen Bad passphrase error
http://bugzilla.mindrot.org/show_bug.cgi?id=818
Summary: ssh-keygen Bad passphrase error
Product: Portable OpenSSH
Version: 3.8p1
Platform: PPC
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: ssh-keygen
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: sandino...
2010 Jan 28
3
Repost: [patch] Automatically add keys to agent
On Mon, Jan 18, 2010 Joachim Schipper wrote:
> What this patch does can be described as follows:
>
> Without:
> you at local$ ssh somehost
> Enter passphrase for RSA key 'foo':
> you at somehost$ exit
> $ ssh otherhost
> Enter passphrase for RSA key 'foo':
> you at otherhost$
>
> With:
> you at local$ ssh somehost
> Enter passphrase for RSA key 'foo':
> you at somehost$ exit
> $ ssh otherhost
>...
2003 Nov 27
2
Question about adding another parameter for OpenSSH
...@@@@@@@@@@@@@@@@@@@@@@@@@@@");
error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @");
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
@@ -525,14 +528,14 @@
Key *
key_load_private_type(int type, const char *filename, const char *passphrase,
- char **commentp)
+ char **commentp, int group_private_key)
{
int fd;
fd = open(filename, O_RDONLY);
if (fd < 0)
return NULL;
- if (!key_perm_ok(fd, filename)) {
+ if (!key_perm_ok(fd, filename, group_private_key)) {
error("bad permissions: ignore key: %s", filen...
2024 Jan 02
2
How to get "Enter passphrase" on command line rather than GUI pop-up?
...it easier to override them.
>
My xubuntu is actually running ssh-agent:-
chris 2549 1543 0 Jan01 ? 00:00:00 /usr/bin/ssh-agent -D -a /run/user/1000/keyring/.ssh
It's started by gnome-keyring-daemon which is handy because it uses my
login password to unlock my default passphrase, thus I don't need to
enter a passphrase explicitly when running my GUI desktop.
It's only because I want to use a *different* key/passphrase pair for
some systems that I have hit this issue of ssh-agent using a GUI
pop-up to ask for a passphrase.
Do SSH_ASKPASS and SSH_ASKPASS_REQUIRE af...
2005 Dec 20
2
[Bug 1138] Passphrase asked for (but ignored) if key file permissions too liberal.
http://bugzilla.mindrot.org/show_bug.cgi?id=1138
Summary: Passphrase asked for (but ignored) if key file
permissions too liberal.
Product: Portable OpenSSH
Version: 4.2p1
Platform: PPC
OS/Version: Linux
Status: NEW
Severity: minor
Priority: P1
Component: ssh-add...
2001 May 25
1
ssh-keygen segfault (2.9p1)
On Fri, May 25, 2001 at 02:21:06PM +0200, Nigel Kukard wrote:
> Hi,
>
> [nkukard at wigglytuff .ssh]$ ssh-keygen -pf test_id
> Enter old passphrase:
> 'ey has comment 'ii
> Enter new passphrase (empty for no passphrase):
> Enter same passphrase again:
> Segmentation fault (core dumped)
> [nkukard at wigglytuff .ssh]$
>
>
> That is the error i get when trying to change the passphrase on one of my
> ke...
2001 Jan 11
3
ssh-keygen: passphrase.
...y using the following commands:
ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N ""
ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key -N ""
But when I try latter, I get:
(gdb) n
1 0x35a6 in save_private_key_ssh2 (
filename=0xb2d2c "/mydir/ssh_host_dsa_key",
_passphrase=0xb90f0 "''", key=0xc0360, comment=0xefbf91b0
"user at host")
at authfile.c:172
^^^^^^^^^
This means:
In authfile.c - save_private_key_ssh2(..):
<clipped>
if (len > 0 && len <= 4) {
error("passphrase too short: %d bytes",...
2010 Jan 05
9
OpenSSH daemon security bug?
...ny passphase; just
by putting a key (no need to be the private key) on another password-based
host.
It that true? I do not think so. I would name that as an "important OpenSSH
daemon security bug". That is because I think it is not true.
co-worker wrote:
> You cannot distinguish passphrased keys from passphraseless ones.
I think the OpenSSH daemon will take care to ask for a key passphrase before
using a key to open an encrypted channel.
A ssh key which requires a ssh passphrase to be usable can not be used to open
a ssh connection if such ssh passphrase is not provided, as it is...
2001 Jan 07
1
[PATCH] Caching passphrase in ssh-add.
The patch below does two things.
1. If invoked with no arguments, attempt to add both RSA and DSA keys.
2. Remember the last successful passphrase and attempt to use it on
subsequent key files which are added.
Note that the latter part of the patch extends the period of time during
which the passphrase is held in clear text in the ssh-add process, but
doesn't introduce any _new_ vulnerability.
If you're paranoid about an attacker b...
2001 Jun 06
1
proposal for cosmetic change: prompts
Hi. If I submit patches that make the prompts look more like prompts,
would those patches be welcome?
Before:
ecashin at nilda ecashin$ ssh-add ~/.ssh/id_dsa
Need passphrase for /home/ecashin/.ssh/id_dsa
Enter passphrase for /home/ecashin/.ssh/id_dsa
After (model 1):
ecashin at nilda ecashin$ ssh-add ~/.ssh/id_dsa
Need passphrase for /home/ecashin/.ssh/id_dsa
Enter passphrase for "/home/ecashin/.ssh/id_dsa":
After (model 2):
ecashin at nilda eca...
2015 Mar 05
3
LVM encryption and new volume group
...o use lvm encryption for the entire volume group. It works so far.
But now I am planning to install a second hard disk. My thought is to create a new volume group on this additional disk.
But how can I integrate/do this according to the existing encryption so that it will be decrypted by the same passphrase I use at startup?
Regards and thanks in advance
Tim