similar to: making the passphrase prompt more clear

This got me thinking, shouldn't this go through PAM so that password strength restrictions can be set as well? Obviously most ssh keys are created locally. But, if this were implemented, I think most distros would adopt the same strength criteria on this as they do with passwd and the like. ---------- Forwarded message ---------- From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>

Hi All, Please pardon me if it is the wrong list to ask how-to etc. I am having an issue with the Signed SSH keys. I am being asked for the passphrase for my signed public key, even though I don't have any. I am running CentOS7 with OpenSSH_6.4p1, OpenSSL 1.0.1e-fips 11 Feb 2013. 1) I have ca server with ca user keys (ca-user-key.pub) 2) I created user ssh rsa keys (user-id-org and

Hi there. I'm being asked for a passphrase for a key file that does not exist. See debug output below. Both client and server default to SSH2. Creating a DSA key without a password and copying the public portion to the server's authorized_keys2 allowed me to login w/o a password. I downloaded and installed the latest version of SSH from OpenBSD CVS, and now its asking me for the

I just opened a bug report about this, but i thought i'd bring it to the group if anyone has any concerns about the idea: https://bugzilla.mindrot.org/show_bug.cgi?id=1871 currently, ssh-askpass is used in some situations to actually ask the user for a passphrase. in other situations, it is used to prompt for simple confirmation (e.g. ControlMaster=ask, ssh-add -c). Providing the exact

I have a shell user who is able to login to his accounts via sshd on FreeBSD 8.2 using any password. The user had a .ssh/id_rsa and .ssh/id_rsa.pub key pair without a password but nullok was not specified, so I think this should be considered a bug. During diagnosis, /etc/pam.d/sshd was configured for authentication using: ------------- auth required pam_ssh.so

Apparently you created id_rsa key pair with a passphrase. Passphrase is like an additional password protection layer on your ssh key. I don't know how did you create it. But you can always create a new one (you should delete the old one before you create a new one) using the shell command 'ssh-keygen'. It asks for a passphrase, just push enter for an empty passphrase (twice). You

I'm trying to move from SSH1 to OpenSSH 2.9.9p2, under Solaris 8. Initial setup and testing seems to work... including the generation of a new RSA key. The key was created with "ssh-keygen -t rsa" and a passphrase; nothing unusual. I can SSH between machines, both running 2.9.9p2, and debug messages show that this file is being correctly read (I think). It prompts me for the

hello list I have a network mounted home directory shared between all hosts on my network: [bluethundr at LCENT03:~]#df -h Filesystem Size Used Avail Use% Mounted on /dev/mapper/VolGroup00-LogVol00 140G 4.4G 128G 4% / /dev/sda1 99M 35M 60M 37% /boot tmpfs 1.6G 0 1.6G 0% /dev/shm nas.summitnjhome.com:/mnt/nas

I would like to automatically deduce in a script if an ssh key is encrypted or not. Basically in a very particular application I want to be the BOFH and enforce that users place a passphrase on their id_rsa key. If they don't put a passphrase I want to send them back to ssh-keygen until they do. I have not been able to deduce a way to detect this yet. Any hints? Thanks Bob

https://bugzilla.mindrot.org/show_bug.cgi?id=2667 Bug ID: 2667 Summary: ssh-add does not display key comments for the first key added Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: minor Priority: P5 Component: ssh-add

Hello list I am attempting to manage my key logins with ssh-agent. However EVERY time I try to ssh I have to go through the same exact routing and it's getting a little old... [bluethundr at LCENT01:~]#ssh sum3 Enter passphrase for key '/home/bluethundr/.ssh/id_rsa': [bluethundr at LCENT01:~]#exec ssh-agent bash [bluethundr at LCENT01:~]#ssh-add Enter passphrase for

https://bugzilla.mindrot.org/show_bug.cgi?id=2739 Bug ID: 2739 Summary: ssh-add no longer works with xargs Product: Portable OpenSSH Version: 7.4p1 Hardware: amd64 OS: Mac OS X Status: NEW Severity: minor Priority: P5 Component: ssh-add Assignee: unassigned-bugs at mindrot.org

https://bugzilla.mindrot.org/show_bug.cgi?id=2243 Bug ID: 2243 Summary: scp ignoring ~/.ssh/config when both source and destination are remote hosts Product: Portable OpenSSH Version: 6.6p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5

hello centos.. I am having a very annoying problem on my network right now. it looks like every time I try to add my ssh key to keychain I have to issue a command just to get my ssh subsystem communicating with the ssh-agent: I have this line in my .bashrc file $(keychain --eval --quick --quiet private_key1 private_key2 private_key3) If I try to perform ssh-add I get the message: [bluethundr

I hope this isn't an invalid topic for this list. I'm on so many lists and I hate to join another one just to get help on one thing. Apologies if it's not. I am able to use ssh-keygen to generate keys so that I can ssh from my Mac to any of my SuSE systems or ssh from my Mac to any of my FreeBSD systems, without having to enter my password. When I try the same thing from a SuSE system

Hello, I have the following problem. I have an application which is running and which has already request a passphrase to the user. This application needs to launch ssh agent and ssh add, but I do not want to be prompt again for the passphrase. My private key is of course encrypted with the passphrase. How can I do ? My only idea for the moment is to change the variable value of ask_passphrase

A Feature Request for OpenSSH 3.x: In version 2.x, when prompting for the passphrase ssh would print a prompt including the comment string from an RSA key, like: Enter passphrase for RSA key 'Your Dog's Name': The comment string was a useful way to remind the user what the passphrase was (i didn't use hints quite this easy :-). In Openssh 3.0, ssh prompts using the filename:

I have an account where I have DSA key setup with a passphrase. I am trying to write a script to ssh over to another Unix server, without having to type in the passphrase and have ssh read the passphrase from either a file or pass it in from the command line. Is there a way to do something like this? I know that we can it so I don't need to enter a passphrase but we don't want to do

Under 2.5p2, if I ssh'd back to myself I would get a prompt asking for my passphrase, and if that was incorrect it would then ask for my password. Assuming I had a authorized_keys file with my identity.pub in it. Under 2.9.p1 it goes straight to enter password instead of asking for my passphrase. This wouldn't be a problem except that when I have "PasswordAuthentication no" I

On Tue, Jan 02, 2024 at 03:52:29PM +1100, Damien Miller wrote: > On Mon, 1 Jan 2024, Christian Weisgerber wrote: > > > Chris Green: > > > > > Setting SSH_ASKPASS_REQUIRE=never in the environment on my xubuntu > > > 23.10 system doesn't seem to work. I have set it:- > > > > > > chris$ env | grep SSH > > >