[Bug 1981] New: Trying to use ssh with a missing identity file gives no warnings

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Sat Feb 18 06:28:57 EST 2012


https://bugzilla.mindrot.org/show_bug.cgi?id=1981

             Bug #: 1981
           Summary: Trying to use ssh with a missing identity file gives
                    no warnings
    Classification: Unclassified
           Product: Portable OpenSSH
           Version: 5.2p1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ssh
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: mindrot.org at ch.pkts.ca


I attempted to set up a ~/.ssh/config entry that said 

Host firewall-link
  Hostname firewall.example.com
  IdentityFile /Home/username/.ssh/id_rsa_vpn
  User vpnuser

However, there was a typo in the IdentityFile line, so it specified the
wrong pathname (ie: no such file).  Do you want to know how long it
took to track down this error?  Too long!

You can only see the error message if you type 'ssh -d -d -d
firewall-link' (the maximum possible debug level), or use a system-call
tracing program (like strace) and compare good vs. bad sessions (if you
have a good one).

I'm unsure if this was a policy decision for security reasons ("Hide
failures"), but as it's an error on the client side, I fail to see the
security benefits of not printing "Identity file xxxxxxx not found" as
a warning just before moving on to the next authentication method.

Thanks!

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list