similar to: missing new passphrase files

Author: Anthony Scarpino <Anthony.Scarpino at Sun.COM> Repository: /hg/zfs-crypto/zfs-crypto-gate Latest revision: 9a17248d7cc3087d39ca752bff184ae5a7831cf6 Total changesets: 1 Log message: passphrase & keymgr load/unload Files: update: usr/src/cmd/zfs/zfs_main.c update: usr/src/cmd/zpool/zpool_main.c update: usr/src/common/zfs/zfs_prop.c update:

Author: Darren Moffat <darrenm at opensolaris.org> Repository: /hg/zfs-crypto/zfs-crypto-gate Latest revision: ec659b717bdb149af4dc7a2ac1bc1c152d859b02 Total changesets: 1 Log message: Fix mismerge for libcryptoutil & libpkcs11 Files: update: usr/src/lib/libcryptoutil/common/cryptoutil.h update: usr/src/lib/libcryptoutil/common/mapfile-vers update:

Author: Darren Moffat <darrenm at opensolaris.org> Repository: /hg/zfs-crypto/zfs-crypto-gate Latest revision: f2267f9eb807cc96d0d8ed72b186a4fae3490010 Total changesets: 1 Log message: merge with zfs-crypto-gate Files: delete: usr/src/lib/libcryptoutil/common/mechkeygen.c

Author: Anthony Scarpino <Anthony.Scarpino at Sun.COM> Repository: /hg/zfs-crypto/zfs-crypto-gate Latest revision: 8f164ec4380058ccbc31e7c8ab05c85d0c3d85c5 Total changesets: 1 Log message: aes cbc pad added to kernel software provider Files: update: usr/src/common/crypto/aes/aes_cbc_crypt.c update: usr/src/common/crypto/aes/aes_cbc_crypt.h update: usr/src/uts/common/crypto/io/aes.c

Author: Anthony Scarpino <Anthony.Scarpino at Sun.COM> Repository: /hg/zfs-crypto/gate Latest revision: 3df1f6b01f2e4234af95267b22947e416a38d4ca Total changesets: 1 Log message: removal of AES_CBC_PAD from kernel Files: update: usr/src/cmd/cmd-crypto/etc/kcf.conf update: usr/src/common/crypto/aes/aes_cbc_crypt.c update: usr/src/common/crypto/aes/aes_cbc_crypt.h update:

Author: Anthony Scarpino <Anthony.Scarpino at Sun.COM> Repository: /hg/zfs-crypto/gate Latest revision: a2a39602f5d2629c170434c6b35e4b6512d33744 Total changesets: 1 Log message: fix pam module to use zpool_load_key property. Add some better error reporting Files: update: usr/src/lib/libzfs/common/libzfs_crypto.c update: usr/src/lib/pam_modules/zfs_key/zfs_key.c

Author: Anthony Scarpino <Anthony.Scarpino at Sun.COM> Repository: /hg/zfs-crypto/gate Latest revision: 04f168232992beb7ebec3b25a69735bb3e2ab678 Total changesets: 1 Log message: zpool create now loads/prompts for key. Use random salt instead of guid. Fix 654 Files: update: usr/src/cmd/zfs/zfs_main.c update: usr/src/cmd/zoneadm/zfs.c update: usr/src/cmd/zpool/zpool_main.c update:

Here''s my comments for the preliminary ZFS Crypto review. - Dan Webrev: http://cr.opensolaris.org/~darrenm/zfs-crypto-gate/webrev/ General comments: DEA-1 - SCCS keywords need to be removed DEA-2 - Copyright updated ------------------------------------------------------------------ usr/src/lib/libcryptoutil/common/keyfile.c pkcs11_read_data() This code in pkcs11_read_data() scares

http://defect.opensolaris.org/bz/show_bug.cgi?id=2116 Summary: zfs_create_005: ''zfs create'' coredump if keysourcea is a blank passphrase file Classification: Development Product: zfs-crypto Version: unspecified Platform: Other OS/Version: Solaris Status: NEW Severity: major

Author: izick Repository: /hg/zfs-crypto/gate Revision: f7c96af91f148327ba792c8fbcb9e49897664f9c Log message: PSARC 2005/572 PKCS#11 v2.20 4920408 PKCS#11 v2.20 support for the Crypto Framework 6287425 residual bzero''s in hmac part of sha2 6287428 add sha2 to the i.kcfconfbase upgrade script Files: create: usr/src/common/crypto/blowfish/blowfish_cbc_crypt.c create:

http://bugzilla.mindrot.org/show_bug.cgi?id=818 Summary: ssh-keygen Bad passphrase error Product: Portable OpenSSH Version: 3.8p1 Platform: PPC OS/Version: Linux Status: NEW Severity: major Priority: P2 Component: ssh-keygen AssignedTo: openssh-bugs at mindrot.org ReportedBy: sandino at

The patch below does two things. 1. If invoked with no arguments, attempt to add both RSA and DSA keys. 2. Remember the last successful passphrase and attempt to use it on subsequent key files which are added. Note that the latter part of the patch extends the period of time during which the passphrase is held in clear text in the ssh-add process, but doesn't introduce any _new_

ssh-add on OpenBSD current (with malloc -S enabled) crashes ("chunk is already free") when loading my password-protected SSHv1 key (used only for testing). "ssh-add ~/.ssh/identity" also fails to format the prompt properly ("Enter passphrase for :"). The issue is as follows: Starting at ssh-add.c:158 in add_file(ac, filename = "~/.ssh/identity"), we call

http://bugzilla.mindrot.org/show_bug.cgi?id=1138 Summary: Passphrase asked for (but ignored) if key file permissions too liberal. Product: Portable OpenSSH Version: 4.2p1 Platform: PPC OS/Version: Linux Status: NEW Severity: minor Priority: P1 Component: ssh-add AssignedTo:

A Feature Request for OpenSSH 3.x: In version 2.x, when prompting for the passphrase ssh would print a prompt including the comment string from an RSA key, like: Enter passphrase for RSA key 'Your Dog's Name': The comment string was a useful way to remind the user what the passphrase was (i didn't use hints quite this easy :-). In Openssh 3.0, ssh prompts using the filename:

Hello, I have the following problem. I have an application which is running and which has already request a passphrase to the user. This application needs to launch ssh agent and ssh add, but I do not want to be prompt again for the passphrase. My private key is of course encrypted with the passphrase. How can I do ? My only idea for the moment is to change the variable value of ask_passphrase

I am working on a port of openssh-3.5p1 and ran across a case where we were trying to load a private key with 0644 permissions into the agent. The agent responds with: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: UNPROTECTED PRIVATE KEY FILE! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ Permissions 0644 for

I have an account where I have DSA key setup with a passphrase. I am trying to write a script to ssh over to another Unix server, without having to type in the passphrase and have ssh read the passphrase from either a file or pass it in from the command line. Is there a way to do something like this? I know that we can it so I don't need to enter a passphrase but we don't want to do

This got me thinking, shouldn't this go through PAM so that password strength restrictions can be set as well? Obviously most ssh keys are created locally. But, if this were implemented, I think most distros would adopt the same strength criteria on this as they do with passwd and the like. ---------- Forwarded message ---------- From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>

I am going to preface this email by saying that I know very little about OpenSSH internals, the protocol, etc. I do a lot of work with novice programmers, and one step that comes up relatively early is generating SSH keys. In case you haven't done it in a while, the output looks like this: $ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key