search for: passphrase

...e_1/base/fsys_1_last ... etc. The intermediate "base" file systems are there only to set attributes to be inherited by all other file systems in the same pool. They were created with encryption on, forcing all others to be encrypted. The keysource for slice_?/base was set to "passphrase,prompt" while creating the file systems. Then I stored the keys (one key per pool) in files in a subdirectory of home/user1, and set keysource for slice_0/base to "passphrase,file:///export/home/user1/keys/key_0" (Similarly for the other two pools) So far so good. Several weeks...

Hello, I have the following problem. I have an application which is running and which has already request a passphrase to the user. This application needs to launch ssh agent and ssh add, but I do not want to be prompt again for the passphrase. My private key is of course encrypted with the passphrase. How can I do ? My only idea for the moment is to change the variable value of ask_passphrase and to redirect it...

...rk with novice programmers, and one step that comes up relatively early is generating SSH keys. In case you haven't done it in a while, the output looks like this: $ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/Users/aidan/.ssh/id_rsa): Enter passphrase (empty for no passphrase): When that last step comes up, I am regularly asked, "Does it mean the system password, or a new one?" A slight tweak of the language could easily eliminate that confusion... something like "Enter passphrase for the new key" or "Enter new passphr...

...Hardware: All OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter: flafyarazi at gmail.com I'm working on a script to make `ssh` request a passphrase from a command of my choice instead of prompting me for a passphrase directly. If the script doesn't find a passphrase through the command, it should prompt me to input a passphrase. Additionally, if the script got a passphrase from the command but the passphrase was not correct, it should pr...

...onnecting to a remote ssh host with the standard linux openssh client using a private key, that there is no line of text indicating when the local key-passwd process was completed and the connection session was established. On a compromised host, the login shell could write the line 'Enter passphrase for key 'guess the filename using the current account name':'. If unnoticed, the user will think, that he misstyped the passphrase and repeat it. After capturing the word, the login could continue with the standard procedure (e.g. motd banner). lg roman

...eygen.c | 20 +++++++++++--------- sshd.c | 5 +++-- 4 files changed, 14 insertions(+), 50 deletions(-) diff --git a/authfile.c b/authfile.c index c28652c8bdf..6d86c2dd4c6 100644 --- a/authfile.c +++ b/authfile.c @@ -215,44 +215,6 @@ sshkey_load_private_type_fd(int fd, int type, const char *passphrase, return r; } -/* XXX this is almost identical to sshkey_load_private_type() */ -int -sshkey_load_private(const char *filename, const char *passphrase, - struct sshkey **keyp, char **commentp) -{ - struct sshbuf *buffer = NULL; - int r, fd; - - if (keyp != NULL) - *keyp = NULL; - if (commen...

Add private key protection information extraction to shh-keygen using -v option on top of -y option which is already parsing the private key. Technically, the passphrase isn't necessary to do this, but it is the most logical thing to do for me. Adding this to -l option is not appropriate because fingerprinting is using the .pub file when available. An other idea is to add a new option, I can do it if you prefer. Also, I'm laking information for informati...

>No. ssh-keygen should never be pamifed. It is worthless to do so. > >If we are going to enforce passphrase quality it should be for all OSes. >The world does not revolve around Linux. No matter what the press may >think. The Linux community didn't invent PAM, Sun did. Many more systems than Linux have PAM, Solaris, HP-UX some BSDs for a start. Having said that I agree with the comment ssh-...

I have an account where I have DSA key setup with a passphrase. I am trying to write a script to ssh over to another Unix server, without having to type in the passphrase and have ssh read the passphrase from either a file or pass it in from the command line. Is there a way to do something like this? I know that we can it so I don't need to enter a passp...

http://bugzilla.mindrot.org/show_bug.cgi?id=818 Summary: ssh-keygen Bad passphrase error Product: Portable OpenSSH Version: 3.8p1 Platform: PPC OS/Version: Linux Status: NEW Severity: major Priority: P2 Component: ssh-keygen AssignedTo: openssh-bugs at mindrot.org ReportedBy: sandino...

On Mon, Jan 18, 2010 Joachim Schipper wrote: > What this patch does can be described as follows: > > Without: > you at local$ ssh somehost > Enter passphrase for RSA key 'foo': > you at somehost$ exit > $ ssh otherhost > Enter passphrase for RSA key 'foo': > you at otherhost$ > > With: > you at local$ ssh somehost > Enter passphrase for RSA key 'foo': > you at somehost$ exit > $ ssh otherhost >...

...@@@@@@@@@@@@@@@@@@@@@@@@@@@"); error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @"); error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); @@ -525,14 +528,14 @@ Key * key_load_private_type(int type, const char *filename, const char *passphrase, - char **commentp) + char **commentp, int group_private_key) { int fd; fd = open(filename, O_RDONLY); if (fd < 0) return NULL; - if (!key_perm_ok(fd, filename)) { + if (!key_perm_ok(fd, filename, group_private_key)) { error("bad permissions: ignore key: %s", filen...

...it easier to override them. > My xubuntu is actually running ssh-agent:- chris 2549 1543 0 Jan01 ? 00:00:00 /usr/bin/ssh-agent -D -a /run/user/1000/keyring/.ssh It's started by gnome-keyring-daemon which is handy because it uses my login password to unlock my default passphrase, thus I don't need to enter a passphrase explicitly when running my GUI desktop. It's only because I want to use a *different* key/passphrase pair for some systems that I have hit this issue of ssh-agent using a GUI pop-up to ask for a passphrase. Do SSH_ASKPASS and SSH_ASKPASS_REQUIRE af...

http://bugzilla.mindrot.org/show_bug.cgi?id=1138 Summary: Passphrase asked for (but ignored) if key file permissions too liberal. Product: Portable OpenSSH Version: 4.2p1 Platform: PPC OS/Version: Linux Status: NEW Severity: minor Priority: P1 Component: ssh-add...

On Fri, May 25, 2001 at 02:21:06PM +0200, Nigel Kukard wrote: > Hi, > > [nkukard at wigglytuff .ssh]$ ssh-keygen -pf test_id > Enter old passphrase: > 'ey has comment 'ii > Enter new passphrase (empty for no passphrase): > Enter same passphrase again: > Segmentation fault (core dumped) > [nkukard at wigglytuff .ssh]$ > > > That is the error i get when trying to change the passphrase on one of my > ke...

...y using the following commands: ssh-keygen -b 1024 -f /etc/ssh/ssh_host_key -N "" ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key -N "" But when I try latter, I get: (gdb) n 1 0x35a6 in save_private_key_ssh2 ( filename=0xb2d2c "/mydir/ssh_host_dsa_key", _passphrase=0xb90f0 "''", key=0xc0360, comment=0xefbf91b0 "user at host") at authfile.c:172 ^^^^^^^^^ This means: In authfile.c - save_private_key_ssh2(..): <clipped> if (len > 0 && len <= 4) { error("passphrase too short: %d bytes",...

...ny passphase; just by putting a key (no need to be the private key) on another password-based host. It that true? I do not think so. I would name that as an "important OpenSSH daemon security bug". That is because I think it is not true. co-worker wrote: > You cannot distinguish passphrased keys from passphraseless ones. I think the OpenSSH daemon will take care to ask for a key passphrase before using a key to open an encrypted channel. A ssh key which requires a ssh passphrase to be usable can not be used to open a ssh connection if such ssh passphrase is not provided, as it is...

The patch below does two things. 1. If invoked with no arguments, attempt to add both RSA and DSA keys. 2. Remember the last successful passphrase and attempt to use it on subsequent key files which are added. Note that the latter part of the patch extends the period of time during which the passphrase is held in clear text in the ssh-add process, but doesn't introduce any _new_ vulnerability. If you're paranoid about an attacker b...

Hi. If I submit patches that make the prompts look more like prompts, would those patches be welcome? Before: ecashin at nilda ecashin$ ssh-add ~/.ssh/id_dsa Need passphrase for /home/ecashin/.ssh/id_dsa Enter passphrase for /home/ecashin/.ssh/id_dsa After (model 1): ecashin at nilda ecashin$ ssh-add ~/.ssh/id_dsa Need passphrase for /home/ecashin/.ssh/id_dsa Enter passphrase for "/home/ecashin/.ssh/id_dsa": After (model 2): ecashin at nilda eca...

...o use lvm encryption for the entire volume group. It works so far. But now I am planning to install a second hard disk. My thought is to create a new volume group on this additional disk. But how can I integrate/do this according to the existing encryption so that it will be decrypted by the same passphrase I use at startup? Regards and thanks in advance Tim