displaying identity key comment string in passphrase prompt

jim at bucc.buu.ac.th jim at bucc.buu.ac.th
Sun Nov 25 20:11:06 EST 2001


A Feature Request for OpenSSH 3.x:

In version 2.x, when prompting for the passphrase ssh would print
a prompt including the comment string from an RSA key, like:

Enter passphrase for RSA key 'Your Dog's Name':


The comment string was a useful way to remind the user what the
passphrase was (I didn't use hints quite this easy :-).

In OpenSSH 3.0, ssh prompts using the filename:

Enter passphrase for RSA key '/home/staff/jim/.ssh/identity':

Could you add an option to let the user choose which style of
prompt he wants?  I.e. prompt by filename or prompt by comment.
If there is no comment, then prompt using the filename.

Below are the mods to the openssh-3.0p1 source to do this.
The option name I used (for the ~/.ssh/config file) is:

DisplayCommentString [yes|no]		Default: no


You can choose whatever name for this option you think is appropriate.

Will you consider adding this prompting option?

thanks,
Jim Brucker
<jim at buu.ac.th>

Modifications:
==============
Here are explanations of the changes and diffs.
The "BUCC" comments are used by me -- feel free to delete them.

============== readconf.h
		- add (int) display_comment_str to the Options struct.
diff:
104a105,106
> 
>       int     display_comment_str;    /* display comment string in prompts */

============== readconf.c
		- in global section, add to the end of "typedef enum":
		- in global section, "static struct { ... keywords[] = ",
		  add near the end of the keywords[] array:
		- in initialize_options(), initialize the display_comment_str
		  option to -1.
		- in fill_default_options(), if the display_comment_str option
		  hasn't been set (-1) then set it to 0 ("no").
		- in process_config_line() just before the 'default' case,
		  add a case to process the oDisplayCommentStr option.

diff:
118c118,119
<       oClearAllForwardings, oNoHostAuthenticationForLocalhost 
---
>       oClearAllForwardings, oNoHostAuthenticationForLocalhost,
>       oDisplayCommentStr
189a191
>       { "displaycommentstring", oDisplayCommentStr },
680a683,686
>       case oDisplayCommentStr:
>               intptr = &options->display_comment_str;
>               goto parse_flag;
> 
801a808
>       options->display_comment_str = -1;
926a934,935
>       if (options->display_comment_str == -1)
>               options->display_comment_str = 0;
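
Review bot: the `displaycommentstring` keyword added at 189a191 ships without documentation; the diffs in this message touch only readconf.h, readconf.c, sshconnect1.c and sshconnect2.c, so the man page never learns about the option or its default of "no". Please add an entry that describes both values and the fallback to the filename when the key has no comment. The parsing itself follows the usual pattern: -1 in initialize_options(), resolved to 0 in fill_default_options(), and `goto parse_flag` in process_config_line().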

=============== sshconnect1.c
		- in try_rsa_authentication() add a keycomment pointer
		  and a few lines to print the keycomment string if requested
		  and the comment string exists.

diff:
212a213
>       char *keycomment;       //BUCC: key comment string
259c260,267
<               private = key_load_private_type(KEY_RSA1, authfile, "", NULL);
---
>       {
> //BUCC, change:       private = key_load_private_type(KEY_RSA1, authfile, "", NULL);
> //BUCC, to:
>               private = key_load_private_type(KEY_RSA1, authfile, "", &keycomment);
>               if (options.display_comment_str && keycomment && *keycomment)
>                       comment = keycomment;
>       }
> 
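
Review bot: `keycomment` (212a213) is declared without an initializer and then tested in `if (options.display_comment_str && keycomment && *keycomment)`, so if key_load_private_type() returns without storing through the pointer the test reads an indeterminate value. Set `keycomment = NULL;` before the call, as the sshconnect2.c change does for `comment`. Nothing in this hunk releases `keycomment` either, so check who owns the string once it has been assigned to `comment`. On style, the `//BUCC` lines and the commented-out old call should be removed, or turned into `/* */` comments if any are kept.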

=============== sshconnect2.c
		- in load_identity_file() add a comment string pointer
		  and a few lines to print the key comment if requested
		  and the comment string exists.

diff:
603a604,605
> // added:
>       char *comment;
611c613,622
<       private = key_load_private_type(KEY_UNSPEC, filename, "", NULL);
---
> 
>       comment = NULL;
> 
>       debug("load_identity_file: loading private key from %s", filename);
> 
> //    private = key_load_private_type(KEY_UNSPEC, filename, "", NULL);
>       private = key_load_private_type(KEY_UNSPEC, filename, "", &comment);
>       if (comment && *comment)
>               debug("load_identity_file: private key comment is %s", comment);
> 
616c631,635
<                    "Enter passphrase for key '%.100s': ", filename);
---
> //                 "Enter passphrase for key '%.100s': ", filename);
>                    "Enter passphrase for key '%.100s': ", 
>               (options.display_comment_str && comment && *comment) ?
>                       comment : filename);
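
Review bot: in the 616c631,635 hunk the text shown in the prompt now comes from inside the key file, and nothing in these hunks frees `comment` once the prompt has been built; if key_load_private_type() hands back an allocated string through `&comment`, release it on every return path of load_identity_file(). The prompt wording is unchanged, so "Enter passphrase for key" is followed by either a path or a free-form comment with no indication of which; consider printing both when the option is on, since two keys can carry the same comment. The commented-out `//` lines in the 611c and 616c hunks should be dropped from the final patch.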




More information about the openssh-unix-dev mailing list