[Bug 734] Misleading error message when host key verification is impossible / SSH_ASKPASS impossible.

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Oct 8 10:42:48 EST 2003


http://bugzilla.mindrot.org/show_bug.cgi?id=734

           Summary: Misleading error message when host key verification is
                    impossible / SSH_ASKPASS impossible.
           Product: Portable OpenSSH
           Version: 3.6.1p2
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: trivial
          Priority: P5
         Component: ssh
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: jim at iNode.co.nz


When connecting to an unknown machine, ssh presents the host key fingerprint to 
the user, and asks for verification. If the user does not verify the 
fingerprint, ssh outputs "Host key verification failed." and terminates.

If (for some strange reason) /dev/tty is unwriteable, and there is no other 
SSH_ASKPASS on the system, ssh still outputs "Host key verification failed." and 
terminates. However, in this case it might be more accurate or helpful to report 
that there is no method to even ask for verification, e.g. "No method available 
to ask for Host key verification".

(I was trying to debug a new sshd setup on a possibly-unstable server from a 
client machine with a broken /dev/tty and no ssh-askpass - the host key message 
made me think that the sshd was sending invalid data, not that the client 
machine had problems of its own)

This is a very low priority/severity report, because the phrase "Host key 
verification failed." could arguably still be correct in these circumstances. 
You might want to view it as an enhancement, except that I feel you shouldn't 
use a single error message for two different conditions.

I note that under the same circumstances, a connection to a known host that 
would normally use a password method outputs "Permission denied" messages for 
keyboard-interactive, which is not as misleading.
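
The following is an added example, not part of the original report or of OpenSSH: a client-side check that tells the two conditions described above apart by testing whether any channel exists to ask the question. The function names are hypothetical, and it assumes the only prompt channels are the ones the report names (/dev/tty opened read-write, or an executable SSH_ASKPASS helper).

```shell
#!/bin/sh
# Added example: after "Host key verification failed.", decide whether the
# client could have asked the user at all. Paths are parameters so the check
# can be run against constructed stand-ins; defaults are /dev/tty and
# $SSH_ASKPASS.

# can_open_rw PATH: succeed only if PATH exists and opens for read+write.
# The -e test matters because "<>" would otherwise create a missing file.
can_open_rw() {
    [ -e "$1" ] || return 1
    ( exec 3<>"$1" ) 2>/dev/null
}

# has_askpass PATH: succeed if PATH names an executable, non-directory file.
has_askpass() {
    [ -n "$1" ] && [ -x "$1" ] && [ ! -d "$1" ]
}

# prompt_channel [TTY] [ASKPASS]: print "tty", "askpass" or "none".
prompt_channel() {
    tty_path=${1:-/dev/tty}
    askpass=${2:-${SSH_ASKPASS:-}}
    if can_open_rw "$tty_path"; then
        echo tty
    elif has_askpass "$askpass"; then
        echo askpass
    else
        echo none
    fi
}

# explain_failure [TTY] [ASKPASS]: one-line reading of the ssh error message.
explain_failure() {
    case $(prompt_channel "$1" "$2") in
        none)
            echo "No method available to ask for host key verification: fix the client (tty or askpass)" ;;
        *)
            echo "A prompt channel exists: the fingerprint was not confirmed, inspect the host key" ;;
    esac
}

# Stand-alone use: ./check.sh [tty-path] [askpass-path]
explain_failure "$1" "$2"
```
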


