Trick user to send private key password to compromised host

Dan Yefimov dan at
Wed May 14 15:26:24 EST 2008

On Wed, 14 May 2008, Jefferson Ogata wrote:

> > Strange assertion. Of course, I understand the purpose of the private key 
> > password.
> That's not evident given your irrelevant comment that "the private key 
> is NEVER transmitted via the network by SSH". The passphrase exists *in 
> case* the private key file is compromised nevertheless. All this talk 
> about network home directories and other nonsense is a red herring; one 
> has to protect the passphrase with as much zeal as the private key file 
> if the private key is to remain secure.
> If the original poster had described a way the private key file could be 
> recovered by the remote host, but not the passphrase, would you be as 
> dismissive about it? Is it not clear to you that it's important to 
> protect both?
There's nothing to debate here. You're talking about obvious matters.

> >> Openssh can and should write something indicating the the private key 
> >> was successfully decrypted before continuing authentication, let alone 
> >> requesting a shell. Arguably it should similarly print something if the 
> >> private key was successfully retrieved from ssh-agent.
> > 
> > And it can do that when run with -vv command line argument, if desired.
> That's obviously not workable, unless you want a ton of debugging 
> information.
But that information is needed only in case of doubt. One don't obviously want 
it all the time. But if someone wants, he can edit sshconnect{1,2}.c replacing 
corresponding debug2() calls with calls to verbose() or logit() within 
functions try_rsa_authentication() and load_identity_file().

    Sincerely Your, Dan.

More information about the openssh-unix-dev mailing list