[Bug 734] Misleading error message when host key verification is impossible / SSH_ASKPASS impossible.
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Wed Oct 8 10:42:48 EST 2003
http://bugzilla.mindrot.org/show_bug.cgi?id=734
Summary: Misleading error message when host key verification is
impossible / SSH_ASKPASS impossible.
Product: Portable OpenSSH
Version: 3.6.1p2
Platform: All
OS/Version: Linux
Status: NEW
Severity: trivial
Priority: P5
Component: ssh
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: jim at iNode.co.nz
When connecting to an unknown machine, ssh presents the host key fingerprint to
the user, and asks for verification. If the user does not verify the
fingerprint, ssh outputs "Host key verification failed." and terminates.
If (for some strange reason) /dev/tty is unwriteable, and there is no other
SSH_ASKPASS on the system, ssh still outputs "Host key verification failed." and
terminates. However, in this case it might be more accurate or helpful to report
that there is no method to even ask for verification, e.g. "No method available
to ask for Host key verification".
(I was trying to debug a new sshd setup on a possibly-unstable server from a
client machine with a broken /dev/tty and no ssh-askpass - the host key message
made me think that the sshd was sending invalid data, not that the client
machine had problems of its own)
This is a very low priority/severity report, because the phrase "Host key
verification failed." could arguably still be correct in these circumstances.
You might want to view it as an enhancement, except that I feel you shouldn't
use a single error message for two different conditions.
I note that under the same circumstances, a connection to a known host that
would normally use a password method outputs "Permission denied" messages for
keyboard-interactive, which is not as misleading.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list