Bug#99675: "unprotected private key file" warning problems
forwarded 99675 http://bugzilla.mindrot.org/show_bug.cgi?id=1186
tags 99675 fixed-upstream
thanks
On Sat, Jun 02, 2001 at 11:56:00AM +0100, Philip Armstrong wrote:
> If I attempt to log in by RSA authentication, with the -i argument to ssh
> to denote a file containing the private key, then if that
> file has the wrong permissions, then as expected the warning
>
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> Bad ownership or mode(0704) for 'identity'.
>
> appears. ssh then asks for the passphrase for the key, promptly gives
> the warning again and then abandons the login, with a misleading error
> message:
>
> debug1: Trying RSA authentication with key 'phil@kepler.fsel.com'
> debug1: Received RSA challenge from server.
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> Bad ownership or mode(0704) for 'identity'.
> It is recommended that your private key files are NOT accessible by others.
> Enter passphrase for RSA key 'phil@kepler.fsel.com':
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> Bad ownership or mode(0704) for 'identity'.
> It is recommended that your private key files are NOT accessible by others.
> Bad passphrase.
>
> If ssh is going to abandon the login anyway, surely it could do this
> after the first warning, rather than giving the warning, asking for
> the passphrase, then giving the same warning again before abandoning
> the login. On top of that, the final error given, "Bad passphrase" is
> wrong; if I simply change the permissions on the identity file to
> -rwx------ then I can log in with the same passphrase with no errors
> at all.
Thanks for your report. This is also the upstream bug
http://bugzilla.mindrot.org/show_bug.cgi?id=1186, and has been fixed in
OpenSSH 4.4; I'll be packaging 4.6 shortly.
Cheers,
--
Colin Watson [cjwatson@debian.org]
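
Both complaints in the report (the warning repeating after the passphrase prompt, and the failure surfacing as "Bad passphrase") are avoided when the key file's ownership and mode are checked once, before any prompt, and reported with their own result code. The following is an added example, not part of the original thread and not OpenSSH's code; `key_perm_check`, `check_sample_key` and the refusal of files owned by another user are assumptions of this sketch.

```c
/* Added example: pre-flight permission check for a private key file. */
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum key_perm { KEY_OK, KEY_BAD_MODE, KEY_BAD_OWNER, KEY_STAT_FAILED };

/* Decide from one fstat() call whether the key file is private to us.
 * Checking the open descriptor avoids a check/use race on the path. */
static enum key_perm key_perm_check(int fd, mode_t *mode_out)
{
    struct stat st;

    if (fstat(fd, &st) != 0)
        return KEY_STAT_FAILED;
    if (mode_out != NULL)
        *mode_out = st.st_mode & 0777;
    if (st.st_uid != getuid())
        return KEY_BAD_OWNER;   /* assumption: a foreign owner is refused */
    if ((st.st_mode & 077) != 0)
        return KEY_BAD_MODE;    /* any group/other bit set, e.g. 0704 */
    return KEY_OK;
}

/* Constructed sample input: a temp file forced to the given mode.
 * Returns the permission verdict, or KEY_STAT_FAILED on setup error. */
static enum key_perm check_sample_key(mode_t mode)
{
    char path[] = "/tmp/identity-XXXXXX";
    enum key_perm r = KEY_STAT_FAILED;
    int fd = mkstemp(path);     /* created 0600, then forced to 'mode' */

    if (fd < 0)
        return r;
    if (fchmod(fd, mode) == 0)
        r = key_perm_check(fd, NULL);
    close(fd);
    unlink(path);
    return r;
}

int main(void)
{
    /* Mode from the report, then the mode the reporter changed it to. */
    printf("0704 -> %d\n", check_sample_key(0704));
    printf("0700 -> %d\n", check_sample_key(0700));
    return 0;
}
```

A caller would run this check right after opening the key file and stop on anything other than `KEY_OK`, so the passphrase prompt is never reached for an unprotected file.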