Mailing List Archive

[Bug 1526] New: SSH key prompt if public key missing and pubkey auth fails
https://bugzilla.mindrot.org/show_bug.cgi?id=1526

Summary: SSH key prompt if public key missing and pubkey auth fails
Product: Portable OpenSSH
Version: 5.1p1
Platform: Other
OS/Version: Mac OS X
Status: NEW
Severity: normal
Priority: P4
Component: ssh-agent
AssignedTo: unassigned-bugs@mindrot.org
ReportedBy: vgiffin@apple.com


If the public key corresponding to a SSH private key is not in ~/.ssh
and public key authentication fails, ssh will ask for your key's
password, even if it has already been added to ssh-agent.

Steps to Reproduce:
1. Place a SSH private key with an associated password in ~/.ssh/.
2. Remove the corresponding .ssh/id_dsa.pub file.
3. SSH somewhere where the public key is authorized.
4. SSH somewhere where the public key is unauthorized.

Expected Results:
The public key authentication fails.

Actual Results:
A prompt appears requesting your key password.

Regression:
The password prompt does not appear if public-key auth is disabled
(e.g. "ssh -o PreferredAuthentications=password").

Notes:
When the public key file is missing, it seems SSH somehow thinks
there's a "phantom" key present, for which it's prompting. With
id_dsa.pub present, ssh -vv prints:

debug2: key: /Users/nicholas/.ssh/id_dsa (0x108680)
debug2: key: /Users/nicholas/.ssh/id_rsa (0x103280)
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/nicholas/.ssh/id_dsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /Users/nicholas/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey,password).

With it absent, you get:

debug2: key: /Users/nicholas/.ssh/id_dsa (0x108ce0)
debug2: key: /Users/nicholas/.ssh/id_rsa (0x103280)
debug2: key: /Users/nicholas/.ssh/id_dsa (0x0)
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/nicholas/.ssh/id_dsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: /Users/nicholas/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /Users/nicholas/.ssh/id_dsa
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
[dialog appears here]

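Added example (not part of the original report and not OpenSSH code): a Python check over `ssh -vv` output in the 5.1p1 format quoted above. It flags an identity path that is listed both with a loaded key and as `(0x0)`, and reports whether that path was read from disk after already being offered. The function name and the reading of `(0x0)` as an identity whose public key was not loaded are assumptions; the sample lines are copied from the two traces in the report.

```python
import re

# Line formats as they appear in the 5.1p1 "ssh -vv" output quoted in the report.
KEY_RE = re.compile(r"^debug2: key: (.+) \((0x[0-9a-fA-F]+)\)$")
OFFER_RE = re.compile(r"^debug1: Offering public key: (\S+)")
TRY_RE = re.compile(r"^debug1: Trying private key: (\S+)")

def find_phantom_identities(log_text):
    """Return one finding per path listed both with a key and as (0x0)."""
    with_key, without_key, offered, retried = set(), set(), set(), set()
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            path, ptr = m.groups()
            # Assumption: a null pointer means no public key was loaded for this entry.
            (without_key if int(ptr, 16) == 0 else with_key).add(path)
        elif m := OFFER_RE.match(line):
            offered.add(m.group(1))
        elif (m := TRY_RE.match(line)) and m.group(1) in offered:
            # Same path already offered as a public key, now read from disk:
            # this is the step that precedes the passphrase dialog in the report.
            retried.add(m.group(1))
    return [
        {"path": p, "read_from_file_after_offer": p in retried}
        for p in sorted(with_key & without_key)
    ]

# Key-list and publickey lines copied from the two traces in the report.
PUB_PRESENT = """\
debug2: key: /Users/nicholas/.ssh/id_dsa (0x108680)
debug2: key: /Users/nicholas/.ssh/id_rsa (0x103280)
debug1: Offering public key: /Users/nicholas/.ssh/id_dsa
debug1: Offering public key: /Users/nicholas/.ssh/id_rsa
debug2: we did not send a packet, disable method
"""
PUB_MISSING = """\
debug2: key: /Users/nicholas/.ssh/id_dsa (0x108ce0)
debug2: key: /Users/nicholas/.ssh/id_rsa (0x103280)
debug2: key: /Users/nicholas/.ssh/id_dsa (0x0)
debug1: Offering public key: /Users/nicholas/.ssh/id_dsa
debug1: Offering public key: /Users/nicholas/.ssh/id_rsa
debug1: Trying private key: /Users/nicholas/.ssh/id_dsa
debug1: PEM_read_PrivateKey failed
"""

if __name__ == "__main__":
    for name, log in (("pub present", PUB_PRESENT), ("pub missing", PUB_MISSING)):
        print(name, find_phantom_identities(log))
```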