search for: ssh_err_key_wrong_passphrase

I've architected this in a way that looks future proof at least to the openssl provider transition. What will happen in openssl 3.0.0 is that providers become active and will accept keys via URI. The current file mechanisms will still be available but internally it will become a file URI. To support the provider interface, openssl will have to accept keys by URI instead of file and may

...sh-keygen.c @@ -275,7 +275,8 @@ load_identity(char *filename) struct sshkey *prv; int r; - if ((r = sshkey_load_private(filename, "", &prv, NULL)) == 0) + if ((r = sshkey_load_private_type(KEY_UNSPEC, filename, "", + &prv, NULL)) == 0) return prv; if (r != SSH_ERR_KEY_WRONG_PASSPHRASE) fatal("Load key \"%s\": %s", filename, ssh_err(r)); @@ -283,7 +284,7 @@ load_identity(char *filename) pass = xstrdup(identity_passphrase); else pass = read_passphrase("Enter passphrase: ", RP_ALLOW_STDIN); - r = sshkey_load_private(filename, pass, &prv,...

Engine keys are private key files which are only understood by openssl external engines. ?The problem is they can't be loaded with the usual openssl methods, they have to be loaded via ENGINE_load_private_key(). ?Because they're files, they fit well into openssh pub/private file structure, so they're not very appropriately handled by the pkcs11 interface because it assumes the private

...00644 --- a/ssh-add.c +++ b/ssh-add.c @@ -111,6 +111,29 @@ clear_pass(void) } } +static int +add_engine_key(int agent_fd, const char *file, const char *engine) +{ + int ret; + char *pin = NULL; + + ret = ssh_add_engine_key(agent_fd, file, engine, NULL, lifetime, confirm, maxsign); + if (ret == SSH_ERR_KEY_WRONG_PASSPHRASE) { + pin = read_passphrase("Enter engine key passphrase:", RP_ALLOW_STDIN); + if (!pin) + return -1; + ret = ssh_add_engine_key(agent_fd, file, engine, pin, lifetime, confirm, maxsign); + } + if (ret != SSH_AGENT_SUCCESS) { + fprintf(stderr, "failed to add engine key: %s\n&quot...

...?? ?*commentp = NULL; -?? ?if ((r = sshkey_load_private(filename, "", &prv, commentp)) == 0) +?? ?if (vault_infop != NULL) +?? ??? ?*vault_infop = NULL; +?? ?if ((r = sshkey_load_private(filename, "", &prv, commentp, vault_infop)) == 0) ??? ??? ?return prv; ??? ?if (r != SSH_ERR_KEY_WRONG_PASSPHRASE) ??? ??? ?fatal("Load key \"%s\": %s", filename, ssh_err(r)); @@ -326,7 +328,7 @@ load_identity(const char *filename, char **commentp) ??? ??? ?pass = xstrdup(identity_passphrase); ??? ?else ??? ??? ?pass = read_passphrase("Enter passphrase: ", RP_ALLOW_STDIN); -?? ?r...

https://bugzilla.mindrot.org/show_bug.cgi?id=2522 Bug ID: 2522 Summary: Key parser should reflect errors from OpenSSL Product: Portable OpenSSH Version: 7.1p1 Hardware: Other OS: Linux Status: NEW Keywords: patch Severity: enhancement Priority: P5 Component: ssh

Hi, OpenSSH 8.2p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a feature release. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at