Bug 1981 - Trying to use ssh with a missing identity file gives no warnings
Summary: Trying to use ssh with a missing identity file gives no warnings
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh
Version: 5.2p1
Hardware: All All
Importance: P2 normal
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks: V_6_2
Reported: 2012-02-18 06:28 AEDT by mindrot.org
Modified: 2013-03-22 12:02 AEDT

See Also:


Attachments
warn for missing user-provided IdentityFiles (2.90 KB, patch)
2012-03-09 11:06 AEDT, Darren Tucker
djm: ok+
updated patch with feedback (2.83 KB, patch)
2013-02-15 10:38 AEDT, Darren Tucker
djm: ok+

Description mindrot.org 2012-02-18 06:28:57 AEDT
I attempted to set up a ~/.ssh/config entry that said 

Host firewall-link
  Hostname firewall.example.com
  IdentityFile /Home/username/.ssh/id_rsa_vpn
  User vpnuser

However, there was a typo in the IdentityFile line, so it specified the wrong pathname (i.e., no such file).  Do you want to know how long it took to track down this error?  Too long!

You can only see the error message if you type 'ssh -d -d -d firewall-link' (the maximum possible debug level), or use a system-call tracing program (like strace) and compare good vs. bad sessions (if you have a good one).

I'm unsure if this was a policy decision for security reasons ("Hide failures"), but as it's an error on the client side, I fail to see the security benefits of not printing "Identity file xxxxxxx not found" as a warning just before moving on to the next authentication method.

Thanks!
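As an added example (not part of the bug report or of OpenSSH itself), the following Python checker parses an ssh_config, expands each IdentityFile path and reports the ones that do not exist, which is exactly the kind of typo the report describes and that older clients swallowed silently. Function names and the sample config are hypothetical; only the ~ prefix and the %d, %u and %% tokens are expanded, and relative paths are checked against the current directory.

```python
import os
import re
import shlex
import tempfile

def expand_identity_path(value, home, user):
    """Expand the ~ prefix and the %d (home), %u (user) and %% tokens ssh accepts in IdentityFile."""
    tokens = {"d": home, "u": user, "%": "%"}
    value = re.sub(r"%(.)", lambda m: tokens.get(m.group(1), m.group(0)), value)
    if value == "~" or value.startswith("~/"):
        value = home + value[1:]
    return value  # relative paths are left alone and end up checked against the cwd

def parse_identity_files(config_text):
    """Return (block, raw_path) pairs; 'Key value' and 'Key=value' forms are both accepted."""
    block, pairs = "*", []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^(\w+)\s*(?:=|\s)\s*(.*)$", line)
        if not m:
            continue
        key, rest = m.group(1).lower(), m.group(2)
        if key in ("host", "match"):
            block = rest
        elif key == "identityfile":
            pairs.extend((block, p) for p in shlex.split(rest))  # quoted paths, several per line
    return pairs

def missing_identity_files(config_text, home, user):
    """Expanded IdentityFile paths that do not exist, tagged with the Host/Match block they sit in."""
    missing = []
    for block, path in parse_identity_files(config_text):
        full = expand_identity_path(path, home, user)
        if not os.path.exists(full):
            missing.append((block, full))
    return missing

def demo():
    """Constructed sample: one key that exists plus two typo'd paths, under a throwaway home."""
    home = tempfile.mkdtemp()
    os.makedirs(os.path.join(home, ".ssh"))
    open(os.path.join(home, ".ssh", "id_rsa_vpn"), "w").close()
    config = ("Host firewall-link\n  Hostname firewall.example.com\n"
              "  IdentityFile %d/.ssh/id_rsa_vpn\n  User vpnuser\n"
              "Host backup\n  IdentityFile \"~/.ssh/id_rsa_backup\" ~/.ssh/id_ed25519_bakcup\n")
    return missing_identity_files(config, home=home, user="username")
```

Calling demo() returns the two misspelled paths from the backup block and nothing for firewall-link; point missing_identity_files() at the text of a real ~/.ssh/config with home=os.path.expanduser("~") to lint it.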
Comment 1 Darren Tucker 2012-03-09 10:24:43 AEDT
That code was added a long time ago, but it doesn't seem to be a deliberate decision to hide the error.  I guess the question is: is a non-existent identityfile always an error?

http://anoncvs.mindrot.org/index.cgi/openssh/sshconnect2.c?r1=1.34&r2=1.35

   - markus@cvs.openbsd.org 2001/03/10 12:48:27
     [sshconnect2.c]
     ignore nonexisting private keys; report rjmooney@mediaone.net
Comment 2 Darren Tucker 2012-03-09 10:41:59 AEDT
djm points out that we'd only want to do this for explicitly specified IdentityFiles, not the implicit default ones.
Comment 3 Darren Tucker 2012-03-09 11:06:58 AEDT
Created attachment 2136
warn for missing user-provided IdentityFiles

Please try the attached patch.
Comment 4 Damien Miller 2013-01-18 10:57:40 AEDT
Comment on attachment 2136
warn for missing user-provided IdentityFiles

ok djm

>--- sshconnect2.c	29 May 2011 11:42:34 -0000	1.180
>+++ sshconnect2.c	9 Mar 2012 00:02:06 -0000
...
>+		if (userprovided)
>+			logit("no such identity: %s: %s", filename,
>+			    strerror(errno));
>+		else
>+			debug3("no such identity: %s: %s", filename,
>+			    strerror(errno));
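Review bot: the fixed prefix "no such identity" does not match every errno that strerror(errno) can append here; a user-provided file that exists but is unreadable would be reported as "no such identity: ...: Permission denied", so either test for ENOENT before picking the wording or use a neutral prefix such as "cannot read identity". The logit/debug3 split itself is the right shape: only an explicitly configured IdentityFile should be loud, and the implicit defaults stay at debug level.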

I'd probably do this as:

(userprovided ? logit : debug3)("no such identity: %s: %s", filename, strerror(errno));

but that's just a preference.

>-		debug2("key: %s (%p)", id->filename, id->key);
>+		debug2("key: %s (%p), userprovided %d", id->filename, id->key,
>+		    id->userprovided);

Maybe %s and (id->userprovided ? " explicit" : "")
Comment 5 Darren Tucker 2013-02-15 10:38:21 AEDT
Created attachment 2219
updated patch with feedback
Comment 6 Darren Tucker 2013-02-15 11:21:41 AEDT
applied, thanks.  it will be in the 6.2 release.
Comment 7 Damien Miller 2013-03-22 12:02:17 AEDT
mark bugs closed by openssh-6.2 release as CLOSED