Bug 1138 - Passphrase asked for (but ignored) if key file permissions too liberal.
Summary: Passphrase asked for (but ignored) if key file permissions too liberal.
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh-add
Version: 4.2p1
Hardware: PPC Linux
Importance: P1 minor
Assignee: Assigned to nobody
Blocks: V_4_4
Reported: 2005-12-20 22:10 AEDT by Simon
Modified: 2006-09-28 19:25 AEST

Attachments
Check perms on key files and bail early if bad (2.04 KB, patch)
2005-12-20 23:56 AEDT, Darren Tucker
djm: ok+

Description Simon 2005-12-20 22:10:23 AEDT
When attempting to add a key with ssh-add, ssh-add prints a nice big error message if the key file's permissions are too liberal.  However, it then proceeds to ask the user for a passphrase for the key.  The passphrase is ignored and even a correct passphrase will result in "Bad passphrase, try again".

This behaviour is damn confusing. :) Unless there is a good security reason for keeping it, it would be nice to have ssh-add not ask for the passphrase at all if the key is being ignored.
Comment 1 Darren Tucker 2005-12-20 23:56:50 AEDT
Created attachment 1049
Check perms on key files and bail early if bad

That behaviour is a side effect of the way ssh-add will try several times to load each key (first with no passphrase, then with the previously supplied passphrase, then finally with the user-supplied passphrase).

The attached patch ought to fix this.
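
The behaviour described in the comment above, as an added example that is not part of the bug thread and is neither OpenSSH's code nor the attached patch: a toy loader rejects a badly protected file on every attempt, and `add_key` either prompts anyway or checks permissions first. All function names, the `077` mode rule, the three-prompt limit and the passphrase are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
enum { ADD_OK, ADD_BAD_PERMS, ADD_BAD_PASSPHRASE };
#define DEMO_PASS "correct horse"  /* constructed passphrase of the demo key */
int prompts_shown;                 /* how often the user was asked */

/* 1 if protected; 0 if missing or, as assumed here, group/other bits are set. */
int key_perms_ok(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 &&
        !(st.st_uid == getuid() && (st.st_mode & 077) != 0);
}

/* Toy loader: refuses a badly protected file whatever the passphrase is. */
static int toy_load(const char *path, const char *pass)
{
    return key_perms_ok(path) && strcmp(pass, DEMO_PASS) == 0;
}
/* Stand-in for the prompt: the user always types the correct passphrase. */
static const char *ask_user(void) { prompts_shown++; return DEMO_PASS; }

/* Tries no passphrase, then the saved one, then up to three prompts. */
int add_key(const char *path, const char *saved, int check_first)
{
    if (check_first && !key_perms_ok(path))
        return ADD_BAD_PERMS;      /* bail before any prompt */
    if (toy_load(path, "") || (saved && toy_load(path, saved)))
        return ADD_OK;
    for (int i = 0; i < 3; i++)
        if (toy_load(path, ask_user()))
            return ADD_OK;
    return ADD_BAD_PASSPHRASE;     /* the confusing outcome in the report */
}

/* Runs add_key() on a constructed temp file created with the given mode. */
int run_demo(mode_t mode, int check_first)
{
    char path[] = "/tmp/demo_key_XXXXXX";
    int r = -1, fd = mkstemp(path);
    if (fd != -1 && fchmod(fd, mode) == 0) {
        prompts_shown = 0;
        r = add_key(path, NULL, check_first);
    }
    if (fd != -1) { close(fd); unlink(path); }
    return r;
}
```

With mode 0644 and no early check, `run_demo` returns `ADD_BAD_PASSPHRASE` after three prompts even though every typed passphrase was correct; with the early check it returns `ADD_BAD_PERMS` and never prompts.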
Comment 2 Simon 2005-12-21 00:55:14 AEDT
Thanks Darren!

I've applied the patch and recompiled and everything seems good. :)
Comment 3 Damien Miller 2006-03-12 15:36:34 AEDT
Comment on attachment 1049
Check perms on key files and bail early if bad

looks ok
Comment 4 Darren Tucker 2006-03-13 21:27:52 AEDT
Applied, thanks.  This will be 4.4.
Comment 5 Darren Tucker 2006-09-28 19:25:45 AEST
With the release of 4.4, we believe that this bug is now closed.  For information about the release please see http://www.openssh.com/txt/release-4.4 .