Patch to discourage unencrypted key generation

Alex Bligh alex at alex.org.uk
Sat Jun 1 08:45:03 EST 2013


On 31 May 2013, at 17:35, John Hawkinson wrote:

> 
> Ten I misunderstood the proposal.
> 
> If -N "" gives no prompt, then there shouldn't be a prompt at all, and the
> message should simply tell you to run with -N "" instead of offering two
> disparate paths to the same end.

AIUI the original patch asked the user to enter the string "I know" if
they were prompted for the passphrase (twice), and the result was the
empty string.

I am dubious as to the value of that, as, I think are you.

However, the patch was subject to the criticism that it would break
scripts. My point is that this particular piece of criticism is
unfair, as any sane script writer would not do
  echo -e "\n\n" | ssh-keygen ...
but would do
  ssh-keygen -N "" ...
in which case the 'user' would never be prompted at all, and the
script author would avoid having to do 
  echo -e "\n\nI know\n" | ssh-keygen
IE as far as I can tell, the patch does not alter the code path for
any sensible script users.

I suggested isatty(0) to dilute its impact a little further just in
case a non-sensible script user was doing the above in order to
maintain back compatibility.

My favourite dilution would merely be to print a warning if a null
string was received from the prompts (not through -N "").

-- 
Alex Bligh






More information about the openssh-unix-dev mailing list