forwarded 99675 http://bugzilla.mindrot.org/show_bug.cgi?id=1186 tags 99675 fixed-upstream thanks
On Sat, Jun 02, 2001 at 11:56:00AM +0100, Philip Armstrong wrote: > If I attempt to log in by RSA authentification, with the -i argument to ssh > to denote a file containing the private key, then if that > file has the wrong permissions, then as expected the warning > > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > @ WARNING: UNPROTECTED PRIVATE KEY FILE! @ > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > Bad ownership or mode(0704) for 'identity'. > > appears. ssh then asks for the passphrase for the key, promptly gives > the warning again and then abandons the login, with a misleading error > message: > > debug1: Trying RSA authentication with key '[EMAIL PROTECTED]' > debug1: Received RSA challenge from server. > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > @ WARNING: UNPROTECTED PRIVATE KEY FILE! @ > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > Bad ownership or mode(0704) for 'identity'. > It is recommended that your private key files are NOT accessible by others. > Enter passphrase for RSA key '[EMAIL PROTECTED]': > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > @ WARNING: UNPROTECTED PRIVATE KEY FILE! @ > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > Bad ownership or mode(0704) for 'identity'. > It is recommended that your private key files are NOT accessible by others. > Bad passphrase. > > If ssh is going to abandon the login anyway, surely it could do this > after the first warning, rather than giving the warning, asking for > the passphrase, then giving the same warning again before abandoning > the login. On top of that, the final error given, "Bad passphrase" is > wrong; if I simply change the permissions on the identity file to > -rwx------ then I can log in with the same passphrase with no errors > at all. Thanks for your report. This is also the upstream bug http://bugzilla.mindrot.org/show_bug.cgi?id=1186, and has been fixed in OpenSSH 4.4; I'll be packaging 4.6 shortly. Cheers, -- Colin Watson [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
