[Bug 1693] New: ssh prompts for passphrase even when identity file is unreadable
bugzilla-daemon at bugzilla.mindrot.org
Fri Jan 8 03:29:22 EST 2010
https://bugzilla.mindrot.org/show_bug.cgi?id=1693
Summary: ssh prompts for passphrase even when identity file is
unreadable
Product: Portable OpenSSH
Version: 5.3p1
Platform: All
OS/Version: All
Status: NEW
Severity: minor
Priority: P2
Component: ssh
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: tj at castaglia.org

Created an attachment (id=1767)
--> (https://bugzilla.mindrot.org/attachment.cgi?id=1767)
Uses access(2) to check readability of identity file before loading

When using publickey authentication, the private key is loaded from an
IdentityFile using ssh2connect.c's load_identity_file() function. A
stat(2) is used to ensure that the file exists, and then the key is
loaded.

If the file exists, but the process does not have read permissions on
that file, then ssh will prompt the user for a passphrase. This is
particularly confusing if the private key in question is not
passphrase-protected. The fact that the ssh client prompts for the
passphrase is misleading; the underlying inability to load the private
key stems not from the need for a passphrase, but from the lack of
readability. It would be better to display a "Permission denied"
message to the user, and/or move on to the next authentication method,
rather than needlessly prompting the user for passphrases in this case.

The attached patch attempts to remedy this situation by using access(2)
after the stat(2) call. If the file is not readable, then the private
key cannot be loaded, and thus the call to key_load_private_type() is
skipped.
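
The readability check described in the report, as an added example (not the attached patch and not OpenSSH code). It classifies the file with open(2) and errno rather than access(2), because access(2) tests the real UID and leaves a gap between the check and the read. check_identity_file(), make_sample_key() and the /tmp path are hypothetical names chosen for this sketch.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

enum id_status { ID_READABLE, ID_MISSING, ID_UNREADABLE, ID_NOT_REGULAR, ID_ERROR };

/* Hypothetical helper, not an OpenSSH function: decide whether an identity
 * file can be loaded at all before any passphrase prompt is considered.
 * open(2) is checked against the effective UID and fstat(2) describes the
 * object actually opened; a real loader would keep this descriptor and
 * read the key from it instead of reopening the path. */
enum id_status check_identity_file(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NONBLOCK); /* O_NONBLOCK: never hang on a FIFO */
    if (fd < 0) {
        if (errno == ENOENT) return ID_MISSING;
        if (errno == EACCES) return ID_UNREADABLE;
        return ID_ERROR;
    }
    if (fstat(fd, &st) < 0) { close(fd); return ID_ERROR; }
    close(fd);
    return S_ISREG(st.st_mode) ? ID_READABLE : ID_NOT_REGULAR;
}

/* Create a constructed stand-in key file (not a real key) with the given mode. */
int make_sample_key(const char *path, mode_t mode)
{
    static const char body[] = "constructed sample, not a real private key\n";
    int fd, ok;
    unlink(path);                                /* ignore "no such file" */
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    ok = write(fd, body, sizeof(body) - 1) == (ssize_t)(sizeof(body) - 1)
        && fchmod(fd, mode) == 0;
    close(fd);
    return ok ? 0 : -1;
}

int main(void)
{
    const char *path = "/tmp/sample_identity.constructed"; /* constructed path */
    if (make_sample_key(path, 0000) != 0) return 1;
    if (check_identity_file(path) == ID_UNREADABLE)
        printf("%s: Permission denied, skipping (no passphrase prompt)\n", path);
    unlink(path);
    return 0;
}
```

When run as root the mode-0000 file still opens, so the ID_UNREADABLE branch is only reached for an unprivileged user.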