Trick user to send private key password to compromised host

Roman Fiedler roman.fiedler at telbiomed.at
Tue May 13 19:01:25 EST 2008


Hi list,

I do not know if this is really an issue, but I noticed that when 
connecting to a remote ssh host with the standard linux openssh client 
using a private key, there is no line of text indicating when the 
local key-passwd process was completed and the connection session was 
established.

On a compromised host, the login shell could write the line 'Enter 
passphrase for key 'guess the filename using the current account 
name':'. If unnoticed, the user will think that he mistyped the 
passphrase and repeat it. After capturing the word, the login could 
continue with the standard procedure (e.g. motd banner).

lg roman
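
One client-side way to make the boundary the post describes visible, as an added example (not part of the original message and not OpenSSH project code): unlock the key through ssh-agent before connecting, then run ssh with prompting disabled, so any passphrase prompt seen after the marker line cannot be local. It assumes a running ssh-agent; the function name and the SSH / SSH_ADD override variables are hypothetical.

```shell
# Added example. Assumes ssh-agent is running (SSH_AUTH_SOCK is set).
# ssh_no_late_prompt and the SSH / SSH_ADD overrides are hypothetical names.
#
# Usage: ssh_no_late_prompt KEYFILE [ssh options] HOST [command]
ssh_no_late_prompt() {
    if [ $# -lt 2 ] || [ ! -r "$1" ]; then
        echo "usage: ssh_no_late_prompt KEYFILE [ssh options] HOST" >&2
        return 2
    fi
    key=$1
    shift

    # The only passphrase prompt happens here, before any connection exists,
    # so nothing remote can write to the terminal yet.
    # -t 300 limits how long the agent keeps the unlocked key (seconds).
    "${SSH_ADD:-ssh-add}" -t 300 "$key" || return 1

    # Explicit marker for the point the post says is missing.
    printf '%s\n' "--- key unlocked locally; ssh will not prompt for a passphrase after this line ---" >&2

    # BatchMode=yes makes ssh itself refuse to ask for passphrases or
    # passwords. A prompt that appears anyway was printed by the remote end.
    "${SSH:-ssh}" -o BatchMode=yes "$@"
}
```

If a line reading 'Enter passphrase for key ...' shows up after the marker, treat the remote host as suspect and do not type the passphrase.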


More information about the openssh-unix-dev mailing list