No error when identity file not readable
marko.mocnik at nimbus.at
Thu Aug 5 23:25:04 EST 2004
Hi!
I was trying to start ssh from a scheduled task in Windows 2000.
I got the message "Enter passphrase for key '.ssh/identity':"
Well, the passphrase I set was empty, so that should not have happened.
I traced this problem to the method
key_load_public_type(int type, const char *filename, char **commentp)
in authfile.c
If the file cannot be opened (in my case the "System" user was not
authorized to do so)
this method returns NULL without an appropriate message.
The calling method
load_identity_file(char *filename)
in sshconnect2.c does not handle any error cases.
So, if the key_load_public_type returns NULL, this method thinks there is
a password on the keyfile, regardless of what really happened.
So after this I tried to set the permissions for the file to 777, which
was another bad idea ;)
But this time I got a message:
Failed to add the host to the list of known hosts (ssh/known_hosts).
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0777 for 'xbackup/testdir/.ssh/identity' are too open.
It is recommended that your private key files are NOT accessible by
others.
This private key will be ignored.
bad permissions: ignore key: .ssh/identity
Enter passphrase for key '.ssh/identity':
But still there is the prompt to enter a passphrase.
I'm not sure if this really is a bug, since everything works, besides the
wrong messages.
I am just reporting this to set an appropriate end to my 2 day long
debugging session... ;))
Regards,
Marko Mocnik
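
As an added illustration, not part of the original message and not OpenSSH's code: a C example of the distinction the report asks for, where the caller separates "key file could not be opened" and "permissions too open" from "key needs a passphrase" before prompting. The names check_key_file, should_prompt_passphrase and the enum values are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical result codes for this example; not OpenSSH identifiers. */
enum key_status { KEY_READABLE, KEY_OPEN_FAILED, KEY_BAD_PERMS };

/* Classify a key file before parsing it; *err gets errno on open failure. */
enum key_status check_key_file(const char *path, int *err)
{
	struct stat st;
	int fd;

	*err = 0;
	if ((fd = open(path, O_RDONLY)) == -1) {
		*err = errno;		/* e.g. EACCES for the "System" user */
		return KEY_OPEN_FAILED;
	}
	if (fstat(fd, &st) == -1) {
		*err = errno;
		close(fd);
		return KEY_OPEN_FAILED;
	}
	close(fd);
	/* Owned by us but group/other bits set: the "too open" case. */
	if (st.st_uid == getuid() && (st.st_mode & 077) != 0)
		return KEY_BAD_PERMS;
	return KEY_READABLE;
}

/* Returns 1 only when asking for a passphrase can make sense. */
int should_prompt_passphrase(const char *path)
{
	int err;

	switch (check_key_file(path, &err)) {
	case KEY_OPEN_FAILED:
		fprintf(stderr, "cannot read key %s: %s\n", path, strerror(err));
		return 0;
	case KEY_BAD_PERMS:
		fprintf(stderr, "bad permissions: ignore key: %s\n", path);
		return 0;
	default:
		return 1;	/* file is usable; it may still be encrypted */
	}
}
```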