[Bug 815489] Re: ssh client should not ask for key passphrase when an unprotected key is available
Clint Byrum
clint at fewbar.com
Thu Jul 28 14:36:41 UTC 2011
Hi Kaspar, thanks for taking the time to file a bug report!
Marking importance as Low, since this is mostly just a poorly chosen
behavior, not necessarily wrong.
** Changed in: openssh (Ubuntu)
Importance: Undecided => Low
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/815489
Title:
ssh client should not ask for key passphrase when an unprotected key
is available
Status in “openssh” package in Ubuntu:
New
Bug description:
When connecting to an ssh server that will accept two different keys
for authentication, and both of them are present in the .ssh directory
on the client, the client will prefer to ask the user for a passphrase
for a protected keyfile instead of using an unprotected keyfile.
Asking for a passphrase when none is needed is bad for user experience
and for productivity.
More specifically what happens is that the ssh client will contact
gnome-keyring-daemon to use a protected keyfile before it looks into
the .ssh directory itself.
This decision in the ssh client makes more sense with the stock
ssh-agent, where a key provided by the agent is unlocked by default. With
gnome-keyring-daemon, by default the agent will list all the keys that
are currently protected and none of those that are unprotected.
A more appropriate order to test the keys in is:
1. Unprotected keys from ~/.ssh
2. Keys provided by the agent
3. Protected keys from ~/.ssh
This will give a reasonable behavior even without knowing if keys
provided by the agent are protected or not. The problem is not
specific to gnome-keyring-daemon; the same problem is present when
using "ssh-add -c" with a standard ssh-agent.
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: openssh-client 1:5.3p1-3ubuntu7
ProcVersionSignature: Ubuntu 2.6.32-33.70-generic 2.6.32.41+drm33.18
Uname: Linux 2.6.32-33-generic i686
Architecture: i386
Date: Sun Jul 24 18:54:44 2011
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 10.04.3 LTS "Lucid Lynx" - Release i386 (20110720.1)
ProcEnviron:
LANG=en_DK.utf8
SHELL=/bin/bash
SourcePackage: openssh
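
The ordering proposed in the bug description depends on telling protected key files from unprotected ones without prompting. The following is an added example, not code from the report or from OpenSSH: it classifies private key text by its headers and sorts candidates into the proposed order. It goes beyond the 5.3p1 case by also reading the newer openssh-key-v1 container; the function names, paths and sample keys are constructed for illustration.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"

def is_protected(key_text):
    """True if this private key file text is passphrase-protected."""
    lines = [ln.strip() for ln in key_text.strip().splitlines()]
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":
        return True                      # encrypted PKCS#8
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(MAGIC):
            raise ValueError("not an openssh-key-v1 blob")
        off = len(MAGIC)
        (n,) = struct.unpack(">I", blob[off:off + 4])
        return blob[off + 4:off + 4 + n] != b"none"   # cipher name field
    # Legacy PEM: encrypted keys carry a "Proc-Type: 4,ENCRYPTED" header.
    return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines)

def proposed_order(key_files, agent_keys):
    """Order candidates as the report proposes; key_files maps path -> text."""
    plain = sorted(p for p, t in key_files.items() if not is_protected(t))
    locked = sorted(p for p, t in key_files.items() if is_protected(t))
    return ([("file", p) for p in plain] + [("agent", k) for k in agent_keys]
            + [("file-needs-passphrase", p) for p in locked])

def _v1(cipher):
    """Constructed openssh-key-v1 header only (no real key material)."""
    blob = MAGIC + struct.pack(">I", len(cipher)) + cipher
    body = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed samples: headers are realistic, bodies are placeholders.
SAMPLES = {
    "~/.ssh/id_rsa": "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                     "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\nAAAA\n"
                     "-----END RSA PRIVATE KEY-----\n",
    "~/.ssh/id_dsa": "-----BEGIN DSA PRIVATE KEY-----\nAAAA\n-----END DSA PRIVATE KEY-----\n",
    "~/.ssh/id_ed25519": _v1(b"aes256-ctr"),
    "~/.ssh/id_ecdsa": _v1(b"none"),
}

if __name__ == "__main__":
    for source, name in proposed_order(SAMPLES, ["id_rsa (held by keyring agent)"]):
        print(source, name)
```

The same classification doubles as an audit: every path returned with the plain "file" tag is a private key stored without a passphrase.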