[Bug 3429] Confusing error message from `ssh-keygen -Y sign` when private key is not in agent
https://bugzilla.mindrot.org/show_bug.cgi?id=3429

Damien Miller <djm@mindrot.org> changed:

              What|Removed                    |Added
----------------------------------------------------------------------------
                CC|                           |djm@mindrot.org,
                  |                           |dtucker@dtucker.net
  Attachment #3589|                           |ok?(dtucker@dtucker.net)
             Flags|                           |

--- Comment #1 from Damien Miller <djm@mindrot.org> ---
Created attachment 3589
--> https://bugzilla.mindrot.org/attachment.cgi?id=3589&action=edit
improve error message

I think at the very least we can improve the error message. This patch
adjusts the error message to read:

> No private key found for "/tmp/id_ed25519"

which might give the user a chance to consider checking the agent.

--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 3429] Confusing error message from `ssh-keygen -Y sign` when private key is not in agent
https://bugzilla.mindrot.org/show_bug.cgi?id=3429

Darren Tucker <dtucker@dtucker.net> changed:

              What|Removed                    |Added
----------------------------------------------------------------------------
  Attachment #3589|ok?(dtucker@dtucker.net)   |ok+
             Flags|                           |

[Bug 3429] Confusing error message from `ssh-keygen -Y sign` when private key is not in agent
https://bugzilla.mindrot.org/show_bug.cgi?id=3429

--- Comment #2 from Adam Szkoda <adaszko@gmail.com> ---
Thanks Damien. Your patch is indeed an improvement. Although the
error message coming from git is still going to be a little bit
confusing -- it's expressed in terms of a temporary file path that the
user has no control over.

Zooming out a little, I think the root cause is the double meaning of
the `-f` option: it's used for specifying both the private and the
public key which, in case anything goes wrong, makes it hard to guess
what the actual user intention was and thus produce an accurate error
message.

There are two ways that I see it could be improved further for git
users:

1) An additional warning could be produced if ssh-keygen didn't find
the private key in the agent. That I think would be a sufficient hint
to a git user. Though such a warning is a bit questionable given the
fact it's normal, documented behavior to perform a fallback to reading
the private key from the file given to `-f`.

2) Better IMO: It would have been clearer if for `-Y sign`, the `-f`
option was restricted to only specifying a *public* key. An additional
option would need to be passed to indicate that `-f` is being given a
*private* key. As it happens, such an option already exists: `-U`, so it
seems like an ideal candidate. I realize though, it's easier said than
done given backward compatibility.

Or perhaps 3): There's something on the git side that can be done to
make it clear the key is missing from ssh-agent?

Cheers
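
An added example, not part of this thread and not code from OpenSSH or git: a shell pre-check in the spirit of option 3 above, reporting whether the public key passed to `-f` is loaded in ssh-agent before `ssh-keygen -Y sign` is run. The function names and the sample listing are assumptions made for illustration, and the key blobs are placeholders, not real keys.

```shell
#!/bin/sh
# Added example: pre-check for `ssh-keygen -Y sign -f FILE`.
# Function names are hypothetical; they are not part of OpenSSH or git.

# key_in_listing FILE LISTING
#   LISTING is text in `ssh-add -L` format ("type blob comment" per line).
#   Returns 0 if FILE's key (type + blob, comment ignored) is listed,
#           1 if FILE is a public key that is not listed,
#           2 if FILE is unreadable or holds no public key line
#             (for example, it is a private key file).
key_in_listing() {
    want=$(awk '$1 ~ /^(ssh-|ecdsa-|sk-)/ && NF >= 2 { print $1, $2; exit }' \
        "$1" 2>/dev/null)
    [ -n "$want" ] || return 2
    printf '%s\n' "$2" |
        awk -v want="$want" '($1 " " $2) == want { found = 1 }
                             END { exit !found }'
}

# sign_precheck FILE: ask the running agent and print a hint for the user.
sign_precheck() {
    # ssh-add -L exits non-zero when the agent is empty or unreachable.
    listing=$(ssh-add -L 2>/dev/null) || listing=""
    rc=0
    key_in_listing "$1" "$listing" || rc=$?
    case $rc in
        0) echo "$1: key is loaded in ssh-agent" ;;
        1) echo "$1: public key is not in ssh-agent; add its private key with ssh-add" >&2 ;;
        *) echo "$1: not a public key file; agent lookup does not apply" >&2 ;;
    esac
    return "$rc"
}

# Constructed sample in `ssh-add -L` format (placeholder blobs, not real keys).
SAMPLE_LISTING='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYONE alice@laptop
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYTWO alice@work'
```

Calling `sign_precheck` on the path git hands to `-f` separates the two meanings of that option: a public key that must be in the agent, or a file that is not a public key at all.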

[Bug 3429] Confusing error message from `ssh-keygen -Y sign` when private key is not in agent
https://bugzilla.mindrot.org/show_bug.cgi?id=3429

Damien Miller <djm@mindrot.org> changed:

              What|Removed                    |Added
----------------------------------------------------------------------------
  Attachment #3589|0                          |1
       is obsolete|                           |
  Attachment #3590|                           |ok?(dtucker@dtucker.net)
             Flags|                           |

--- Comment #3 from Damien Miller <djm@mindrot.org> ---
Created attachment 3590
--> https://bugzilla.mindrot.org/attachment.cgi?id=3590&action=edit
Use prefer_agent

Ha, I forgot that we had a flag for that. This patch makes -U require
the agent for -Y sign operations.

[Bug 3429] Confusing error message from `ssh-keygen -Y sign` when private key is not in agent
https://bugzilla.mindrot.org/show_bug.cgi?id=3429

Darren Tucker <dtucker@dtucker.net> changed:

              What|Removed                    |Added
----------------------------------------------------------------------------
  Attachment #3590|ok?(dtucker@dtucker.net)   |ok+
             Flags|                           |

[Bug 3429] Confusing error message from `ssh-keygen -Y sign` when private key is not in agent
https://bugzilla.mindrot.org/show_bug.cgi?id=3429

--- Comment #5 from Adam Szkoda <adaszko@gmail.com> ---
Wonderful! Thank you for your time, Damien! :)
