Bug 471 - Misleading error message if /dev/tty permissions wrong
Summary: Misleading error message if /dev/tty permissions wrong
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh (show other bugs)
Version: -current
Hardware: ix86 Linux
: P2 normal
Assignee: OpenSSH Bugzilla mailing list
URL:
Keywords: openbsd, patch
: 734 872 (view as bug list)
Depends on:
Blocks:
 
Reported: 2003-01-19 17:49 AEDT by Will Yardley
Modified: 2006-10-07 11:35 AEST (History)
2 users (show)

See Also:

Attachments
Allow stdin for confirming host keys. (627 bytes, patch)
2004-05-12 13:54 AEST, Darren Tucker 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Will Yardley 2003-01-19 17:49:16 AEDT 
If a user doesn't have read / write permissions to /dev/tty with OpenSSH 3.4p1
on Linux, the error message given is "Host key verification failed"; this error
message is misleading and confusing IMHO.

dali% ssh -V
OpenSSH_3.4p1 Debian 1:3.4p1-1, SSH protocols 1.5/2.0, OpenSSL 0x0090603f

dali% ssh jazz.hq.newdream.net
Host key verification failed.
dali% strace ssh jazz.hq.newdream.net
[...]
read(4, "jareth,jareth.dreamhost.com,66.3"..., 4096) = 251
read(4, "", 4096)                       = 0
close(4)                                = 0
munmap(0x124000, 4096)                  = 0
open("/dev/tty", O_RDWR|O_LARGEFILE)    = -1 EACCES (Permission denied)
open("/dev/tty", O_RDWR|O_LARGEFILE)    = -1 EACCES (Permission denied)
write(2, "Host key verification failed.\r\n", 31Host key verification failed.
) = 31
shutdown(3, 2 /* send and receive */)   = 0
close(3)                                = 0
_exit(255)                              = ?

Changing permissions on /dev/tty seems to fix this problem.
Comment 1 Damien Miller 2003-01-19 18:45:42 AEDT 
What happened when you fixed the permissions of /dev/tty? I bet you were asked
to confirm a new host key...
Comment 2 Will Yardley 2003-01-20 05:45:05 AEDT 
True - if the key is present already, I get:
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password,keyboard-interactive).

It still is quite confusing to have it immediately say "Host key verification
failed." - I don't know if it's possible to make the error clearer though.
Comment 3 Darren Tucker 2003-10-08 12:30:02 AEST 
*** Bug 734 has been marked as a duplicate of this bug. ***
Comment 4 Darren Tucker 2004-05-12 13:54:37 AEST 
Created attachment 634 [details]
Allow stdin for confirming host keys.

Any reason not to allow stdin when confirming host keys as per attached patch?
Comment 5 Darren Tucker 2004-05-24 13:36:07 AEST 
*** Bug 872 has been marked as a duplicate of this bug. ***
Comment 6 Darren Tucker 2005-04-24 09:50:11 AEST 
Have added some debugging messages to make it clearer what's going on here,
which will show up with "ssh -v":

debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: Permission denied
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.

I didn't make it an error() because that would happen under some conditions
where it's not an error (eg where ssh-askpass would be used).
Comment 7 Darren Tucker 2006-10-07 11:35:38 AEST 
Change all RESOLVED bug to CLOSED with the exception of the ones fixed post-4.4.