No error when identity file not readable

marko.mocnik at nimbus.at marko.mocnik at nimbus.at
Thu Aug 5 23:25:04 EST 2004


Hi!

I was trying to start ssh from a scheduled task in Windows 2000.
I got the message "Enter passphrase for key '.ssh/identity':"

Well, the passphrase I set was empty, so that should not have happened.

I traced this problem to the method
key_load_public_type(int type, const char *filename, char **commentp)
in authfile.c

If the file cannot be opened (in my case the "System" user was not 
authorized to do so)
this method returns NULL without an appropriate message.

The calling method
load_identity_file(char *filename)
in sshconnect2.c does not handle any error cases.
So, if the key_load_public_type returns NULL, this method thinks there is 
a password on the keyfile, regardless of what really happened.

So after this I tried to set the permissions for the file to 777, which 
was another bad idea ;)
But this time I got a message:

Failed to add the host to the list of known hosts (ssh/known_hosts).
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0777 for 'xbackup/testdir/.ssh/identity' are too open.
It is recommended that your private key files are NOT accessible by 
others.
This private key will be ignored.
bad permissions: ignore key: .ssh/identity
Enter passphrase for key '.ssh/identity':

But still there is the prompt to enter a passphrase.

I'm not sure if this really is a bug, since everything works, besides the 
wrong messages.
I just am reporting this to set an appropriate end to my 2 day long 
debugging session... ;))

Regards,
Marko Mocnik
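
Added example (not OpenSSH code and not part of the original message): a key-file check that reports "missing", "unreadable" and "permissions too open" as separate results, so that a caller prompts for a passphrase only when the file was actually read and is marked as encrypted. The names key_status, check_key_file and should_prompt are hypothetical, and encryption is detected only through the legacy PEM "Proc-Type: 4,ENCRYPTED" header, which is a simplification.

```c
/* Added example, not OpenSSH code. All identifiers are hypothetical. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum key_status { KEY_OK, KEY_NEEDS_PASSPHRASE, KEY_MISSING, KEY_UNREADABLE, KEY_BAD_PERMS };

/* Classify a private key file; *err receives errno when open/stat/read fails. */
enum key_status check_key_file(const char *path, int *err)
{
    char buf[4096];
    struct stat st;
    ssize_t n = 0;
    int fd = open(path, O_RDONLY);

    *err = 0;
    if (fd < 0) {                       /* keep the reason instead of returning NULL */
        *err = errno;
        return errno == ENOENT ? KEY_MISSING : KEY_UNREADABLE;
    }
    if (fstat(fd, &st) < 0 || (n = read(fd, buf, sizeof(buf) - 1)) < 0) {
        *err = errno;
        close(fd);
        return KEY_UNREADABLE;
    }
    close(fd);
    if (st.st_mode & 077)               /* group/other access: key is ignored */
        return KEY_BAD_PERMS;
    buf[n] = '\0';
    /* Simplification: only the legacy PEM encryption header is recognised. */
    return strstr(buf, "Proc-Type: 4,ENCRYPTED") ? KEY_NEEDS_PASSPHRASE : KEY_OK;
}

/* Exactly one outcome justifies asking the user for a passphrase. */
int should_prompt(enum key_status s) { return s == KEY_NEEDS_PASSPHRASE; }

int main(int argc, char **argv)
{
    int err;
    enum key_status s = check_key_file(argc > 1 ? argv[1] : ".ssh/identity", &err);
    if (s == KEY_MISSING || s == KEY_UNREADABLE)
        fprintf(stderr, "cannot read key file: %s\n", strerror(err));
    else if (s == KEY_BAD_PERMS)
        fprintf(stderr, "key ignored: permissions too open\n");
    return should_prompt(s) ? 2 : 0;
}
```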