Re: Bad passphrase with public key authentication

From: per@xxxxxxxxxxxxxxxxxx (Per Hedeland)
Date: Thu, 30 Dec 2010 02:02:20 +0000 (UTC)

In article <ifflrh$8pe$1@xxxxxxxxxxxxxxxxxxxx> Niels Stevens
<steniels@xxxxxxxxx> writes:

Now when I tried to connect to my server from my macbook I just won't
accept the password for my key.

I tried generating and using different keys. I used one without
password, one with a simple password 'test'.

And still every time again the ssh server is complaining : "bad
passphrase given, try again..." .

I'm afraid that's impossible, the server doesn't know anything about
passphrases - the client uses the passphrase to decrypt the encrypted
private key; neither the passphrase nor the private key (encrypted or
not) is ever sent to the server. You could also verify this by e.g.:

$ strings /usr/sbin/sshd | grep passphrase
ssh_read_passphrase
$ strings /usr/bin/ssh | grep passphrase
ssh_read_passphrase
Enter passphrase for RSA key '%.100s':
no passphrase given, try next key
bad passphrase given, try again...
Bad passphrase.
Enter passphrase for key '%.100s':
$

I'm 100% sure it isn't my macbook because I use a ssh key pair to logon
my remote subversion
server also using a password for the keys.

One possibility is that you have some ssh command causing the message in
your $HOME/.profile on the server or something like that. Or of course
that you use a *different* keys for the subversion server
(i.e. different "identity file" - see the -i option in ssh(1) and the
IdentityFile keyword in ssh_config(5) - and remember to check your
~/.ssh/config).

--Per Hedeland
per@xxxxxxxxxxxx
.

References:
- Bad passphrase with public key authentication
  - From: Niels Stevens

Prev by Date: Re: Bad passphrase with public key authentication
Next by Date: ldapsearch from server does not work but works from client
Previous by thread: Re: Bad passphrase with public key authentication
Next by thread: ldapsearch from server does not work but works from client
Index(es):
- Date
- Thread

Relevant Pages

Re: Can someone recommend an FTP server for Mac OS 10.5.6 that ...
... You might consider configuring the server to require public/private keys ... Enter passphrase: ... Next time you connect from the client machine, ... Use a real news client if you want me to see your posts. ...
(comp.sys.mac.system)
Re: [Full-disclosure] PuTTY private key passphrase stealing attack
... server to gain access to a user's passphrase by spoofing that prompt. ... PuTTY now asks for the passphrase to the key. ... attacker has gained access to a user account on the server, ... As a malicious server is required, the attack probability is not very high. ...
(Full-Disclosure)
Re: [Full-disclosure] PuTTY private key passphrase stealing attack
... server to gain access to a user's passphrase by spoofing that prompt. ... PuTTY now asks for the passphrase to the key. ... attacker has gained access to a user account on the server, ... As a malicious server is required, the attack probability is not very high. ...
(Full-Disclosure)
Re: [Full-disclosure] PuTTY private key passphrase stealing attack
... server to gain access to a user's passphrase by spoofing that prompt. ... PuTTY now asks for the passphrase to the key. ... attacker has gained access to a user account on the server, ... As a malicious server is required, the attack probability is not very high. ...
(Bugtraq)
[Full-disclosure] PuTTY private key passphrase stealing attack
... PuTTY, a SSH client for Windows, requests the passphrase to the ssh key in the console window used for the connection. ... This could allow a malicious server to gain access to a user's passphrase by spoofing that prompt. ...
(Full-Disclosure)