openssh3.7.1p{1,2}: IdentityFile in config forces request for passphrase even with agent

From: William Stearns (wstearns_at_pobox.com)
Date: 10/09/03

Date: Thu, 9 Oct 2003 14:44:37 -0400 (EDT)
To: ML-ssh <secureshell@securityfocus.com>

    Good day, all,
            I've just upgraded to 3.7.1p{1,2} (from 3.6.1p1, which did not
    have the behavior I'm about to describe) on Redhat Linux. I noticed that
    all my outbound connections ask for a passphrase for ~/.ssh/id_dsa, even
    though that key has already been loaded into ssh-agent. Even though there
    is a non-null passphrase assigned to that key, all I have to do is hit
    enter and the connection goes through correctly, which makes me think that
    the ssh client then figured out it should use the agent. Here are (what I
    hope are) the relevant lines from ssh -v:

    debug1: Enabling compression at level 6.
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Next authentication method: publickey
    debug1: Offering public key: /home/wstearns/.ssh/id_dsa
    debug1: Server accepts key: pkalg ssh-dss blen 433
    debug1: PEM_read_PrivateKey failed
    debug1: read PEM private key done: type <unknown>
    Enter passphrase for key '/home/wstearns/.ssh/id_dsa':

            (Enter pressed here)

    debug1: Offering public key: /home/wstearns/.ssh/id_dsa
    debug1: Server accepts key: pkalg ssh-dss blen 433
    debug1: Authentication succeeded (publickey).
    debug1: channel 0: new [client-session]
    debug1: Entering interactive session.
    debug1: Requesting X11 forwarding with authentication spoofing.
    debug1: Requesting authentication agent forwarding.
    Last login: Thu Oct 9 14:33:04 2003 from sparrow-g4
    [root@zaphod root]#

            By commenting out the line:
    IdentityFile /home/wstearns/.ssh/id_dsa
            in ~/.ssh/config, outbound ssh connections no longer ask me for a
    passphrase, but immediately go through to the server as expected:

    debug1: Enabling compression at level 6.
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password,keyboard-interactive
    debug1: Next authentication method: publickey
    debug1: Offering public key: /home/wstearns/.ssh/id_dsa
    debug1: Server accepts key: pkalg ssh-dss blen 433
    debug1: Authentication succeeded (publickey).
    debug1: channel 0: new [client-session]
    debug1: Entering interactive session.
    debug1: Requesting X11 forwarding with authentication spoofing.
    debug1: Requesting authentication agent forwarding.
    Last login: Thu Oct 9 14:39:29 2003 from sparrow-g4
    [root@zaphod root]#

            I'm not reporting this as a bug - I'm leaning much more heavily
    towards user error :-) - but simply noting a change in behavior.
            Cheers,
            - Bill

    ---------------------------------------------------------------------------
            "Villanueva pointed out that the state has recently begun paying
    water and energy bills on behalf of many schools. '(T)hey are so poor
    that they could not afford these services, and the provision was being
    interrupted,' he said. 'Does it make sense in this context to use
    tax-payer's money to pay Microsoft licenses?' "
            -- Peruvian congressman Edgar Villanueva
    (Courtesy of http://www.wired.com/news/business/0,1367,54141-2,00.html )
    --------------------------------------------------------------------------
    William Stearns (wstearns@pobox.com). Mason, Buildkernel, freedups, p0f,
    rsync-backup, ssh-keyinstall, dns-check, more at: http://www.stearns.org
    Linux articles at: http://www.opensourcedigest.com
    --------------------------------------------------------------------------
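The post narrows the prompt down to the IdentityFile line by commenting it out and re-running with ssh -v. As an added example (this is not code from the original post or from OpenSSH), the POSIX shell script below automates the two checks a practitioner wants when this happens: it scans a saved ssh -v transcript and reports every key the client asked a passphrase for, together with the debug line printed just before the prompt (in the post, "read PEM private key done: type <unknown>"), and it checks whether that key is already loaded in the agent by comparing the fingerprint from ssh-keygen -lf with the list from ssh-add -l. It generalizes the post's single case to any number of identities in one transcript. Assumptions: both ssh-keygen -lf and ssh-add -l print the fingerprint as their second whitespace-separated field, and the sample transcripts embedded below are constructed from the debug lines quoted in the post.

```shell
#!/bin/sh
# Added example, not code from the original post or from OpenSSH.
# Usage: ssh -v host 2>&1 | tee ssh.log ; sh this_script.sh ssh.log
# With no argument it runs against the constructed sample transcripts.

prompted_identities() {
    # Reads an `ssh -v` transcript on stdin and prints one line per passphrase
    # prompt: "<key path><TAB><debug line that preceded the prompt>".
    awk -v q="'" '
        /debug1: Offering public key: / { key = $NF }
        /Enter passphrase for key / {
            p = $0
            sub(".*Enter passphrase for key " q, "", p)   # drop text up to the opening quote
            sub(q ".*", "", p)                            # drop the closing quote and colon
            print p "\t" prev
        }
        { prev = $0 }
    '
}

agent_has_identity() {
    # $1 = private key path named by IdentityFile. Returns 0 if the agent lists
    # its fingerprint, 1 if not, 2 if the fingerprint could not be read.
    # Assumption: field 2 of `ssh-keygen -lf` and `ssh-add -l` is the fingerprint.
    fp=$(ssh-keygen -lf "$1" 2>/dev/null | awk '{ print $2 }')
    [ -n "$fp" ] || return 2
    ssh-add -l 2>/dev/null | awk -v fp="$fp" '$2 == fp { found = 1 } END { exit !found }'
}

# Constructed sample: debug lines from the post's first (prompting) run.
SAMPLE_PROMPT=$(cat <<'EOF'
debug1: Next authentication method: publickey
debug1: Offering public key: /home/wstearns/.ssh/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 433
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '/home/wstearns/.ssh/id_dsa':
debug1: Offering public key: /home/wstearns/.ssh/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 433
debug1: Authentication succeeded (publickey).
EOF
)

# Constructed sample: debug lines from the post's second run (IdentityFile commented out).
SAMPLE_AGENT=$(cat <<'EOF'
debug1: Next authentication method: publickey
debug1: Offering public key: /home/wstearns/.ssh/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 433
debug1: Authentication succeeded (publickey).
EOF
)

if [ $# -gt 0 ]; then
    # Live mode: parse the given transcript and ask the agent about each key.
    prompted_identities < "$1" | while IFS="$(printf '\t')" read -r key prev; do
        echo "passphrase prompted for $key (preceded by: $prev)"
        if agent_has_identity "$key"; then
            echo "  -> agent already holds this key; the prompt was for the on-disk file"
        else
            echo "  -> agent does not list this key (check ssh-add -l)"
        fi
    done
else
    echo "prompting run:";     printf '%s\n' "$SAMPLE_PROMPT" | prompted_identities
    echo "agent-only run:";    printf '%s\n' "$SAMPLE_AGENT"  | prompted_identities
fi
```

On the post's first transcript the parser reports /home/wstearns/.ssh/id_dsa preceded by the "read PEM private key done: type <unknown>" line; on the second it reports nothing, which is the same contrast the post draws by hand. In live mode, a key that is reported as prompted yet listed by the agent confirms that the prompt is for the file named in IdentityFile rather than a sign that the agent is not being used.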

