Bug 1138

Summary: Passphrase asked for (but ignored) if key file permissions too liberal.
Product: Portable OpenSSH
Reporter: Simon <hodgestar>
Component: ssh-add
Assignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED FIXED    
Severity: minor    
Priority: P1    
Version: 4.2p1   
Hardware: PPC   
OS: Linux   
Bug Depends on:    
Bug Blocks: 1155    
Attachments:
Description Flags
Check perms on key files and bail early if bad djm: ok+

Description Simon 2005-12-20 22:10:23 AEDT
When attempting to add a key with ssh-add, ssh-add prints a nice big error message if the key file's permissions are too liberal. However, it then proceeds to ask the user for a passphrase for the key. The passphrase is ignored and even a correct passphrase will result in "Bad passphrase, try again".

This behaviour is damn confusing. :) Unless there is a good security reason for keeping it, it would be nice to have ssh-add not ask for the passphrase at all if the key is being ignored.
Comment 1 Darren Tucker 2005-12-20 23:56:50 AEDT
Created attachment 1049
Check perms on key files and bail early if bad

That behaviour is a side effect of the way ssh-add will try several times to load each key (first with no passphrase, then with the previously supplied passphrase, then finally with the user-supplied passphrase).

The attached patch ought to fix this.
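
A small C model of the retry sequence described in Comment 1, next to the same sequence with a permission check done before any prompt. It is an added example, not the attached patch or OpenSSH source; the function names, return codes, the `077` mode mask and the passphrase `sample` are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L     /* mkstemp, fchmod */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
/* Hypothetical names and return codes; a model, not OpenSSH source. */
enum { ADD_OK = 0, ADD_BAD_PERMS = -1, ADD_BAD_PASS = -2, ADD_NO_FILE = -3 };
static int prompts;                 /* times the user would have been asked */

/* Assumed rule: any group/other permission bit makes the file too liberal. */
static int perms_ok(const char *path) {
    struct stat st;
    if (stat(path, &st) == -1) return ADD_NO_FILE;
    return (st.st_mode & 077) ? ADD_BAD_PERMS : ADD_OK;
}

/* Stand-in for decryption: only the constructed passphrase "sample" works. */
static int try_load(const char *path, const char *pass) {
    int r = perms_ok(path);
    if (r != ADD_OK) return r;      /* file is refused whatever the passphrase */
    return strcmp(pass, "sample") == 0 ? ADD_OK : ADD_BAD_PASS;
}

/* Tries empty, cached, then typed passphrase. checked == 0 models the report:
 * any failure leads to a prompt. checked != 0 tests permissions first. */
static int add_key(const char *path, const char *cached, const char *typed, int checked) {
    int r = checked ? perms_ok(path) : ADD_OK;
    prompts = 0;
    if (r != ADD_OK) return r;      /* bail before any prompt */
    if (try_load(path, "") == ADD_OK || try_load(path, cached) == ADD_OK) return ADD_OK;
    prompts++;                      /* the interactive prompt would happen here */
    return try_load(path, typed) == ADD_OK ? ADD_OK : ADD_BAD_PASS;
}

/* Build a constructed key file with the given mode, run add_key, clean up. */
static int demo(mode_t mode, int checked) {
    char path[] = "/tmp/sample_keyXXXXXX";
    int fd = mkstemp(path), r = ADD_NO_FILE;
    if (fd != -1 && fchmod(fd, mode) == 0) r = add_key(path, "stale", "sample", checked);
    if (fd != -1) { close(fd); unlink(path); }
    return r;
}

int main(void) {
    int a = demo(0644, 0), pa = prompts, b = demo(0644, 1), pb = prompts;
    printf("0644 unchecked rc=%d prompts=%d; checked rc=%d prompts=%d\n", a, pa, b, pb);
    return 0;
}
```

In the unchecked run the correct passphrase is typed and still reported as bad, because the permission failure is indistinguishable from a decryption failure inside the retry loop.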
Comment 2 Simon 2005-12-21 00:55:14 AEDT
Thanks Darren!

I've applied the patch and recompiled and everything seems good. :)
Comment 3 Damien Miller 2006-03-12 15:36:34 AEDT
Comment on attachment 1049
Check perms on key files and bail early if bad

looks ok
Comment 4 Darren Tucker 2006-03-13 21:27:52 AEDT
Applied, thanks.  This will be 4.4.
Comment 5 Darren Tucker 2006-09-28 19:25:45 AEST
With the release of 4.4, we believe that this bug is now closed.  For information about the release please see http://www.openssh.com/txt/release-4.4 .