Bug 1186

Summary: ssh tries multiple times to open unprotected keys
Product: Portable OpenSSH Reporter: Chris Pepper <pepper>
Component: sshAssignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED FIXED    
Severity: major    
Priority: P2    
Version: -current   
Hardware: All   
OS: All   
Bug Depends on:    
Bug Blocks: 1155    
Attachments:
Description Flags
Prevent retrying keys with bad permissions djm: ok+

Description Chris Pepper 2006-04-25 14:27:55 AEST 
As a test, I made a private key world readable. Note that id_dsa is a symlink to this key. When I tried to ssh without a running agent, ssh complained about permissions and said it would ignore this key, but then prompted me for its passphrase.

If I'm understanding correctly, this is a failure of a security feature. Note that this is the OpenSSH currently supplied by Apple in the current 10.4.6 release, which lags substantially behind CURRENT. I will also report this up to Apple, referencing this bug number, once I have one.

pepper@pepperbook:~/.ssh$ ssh www
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/Users/pepper/.ssh/id_dsa' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /Users/pepper/.ssh/id_dsa
Enter passphrase for key '/Users/pepper/.ssh/id_dsa': 

pepper@pepperbook:~/.ssh$ ls -l id_dsa id_dsa.pepper.200510
lrwxr-xr-x   1 pepper  pepper   20 Nov 16 23:19 id_dsa -> id_dsa.pepper.200510
-rw-r--r--   1 pepper  pepper  736 Nov  3 00:51 id_dsa.pepper.200510
pepper@pepperbook:~/.ssh$ ssh -V
OpenSSH_3.8.1p1, OpenSSL 0.9.7i 14 Oct 2005
pepper@pepperbook:~/.ssh$ sw_vers
ProductName:    Mac OS X
ProductVersion: 10.4.6
BuildVersion:   8I127
Comment 1 Damien Miller 2006-04-25 14:33:29 AEST 
I think you will find that they key *is* ignored. Try typing you passphrase when prompted - I bet it doesn't get you any further.
Comment 2 Chris Pepper 2006-04-25 14:39:00 AEST 
That's good for the security aspect, although in this situation the passphrase entry should probably be avoided too (since something strange must've happened to change the pubkey's permissions).

But it's not good to prompt the user (three times) for a passphrase which won't be used either.
Comment 3 Darren Tucker 2006-04-25 16:02:23 AEST 
Created attachment 1125 [details]
Prevent retrying keys with bad permissions

This patch prevents the retry attempts, similar to an earlier change in ssh-add.
Comment 4 Damien Miller 2006-04-25 16:30:30 AEST 
Comment on attachment 1125 [details]
Prevent retrying keys with bad permissions

looks ok to me
Comment 5 Darren Tucker 2006-04-25 18:00:42 AEST 
Applied, thanks.
Comment 6 Chris Pepper 2006-04-26 00:56:14 AEST 
Thank you! Mail sent to Apple, nudging them to update from 3.8.1p1.
Comment 7 Darren Tucker 2006-09-28 19:26:12 AEST 
With the release of 4.4, we believe that this bug is now closed.  For information about the release please see http://www.openssh.com/txt/release-4.4 .