Ubuntu
openssh package

User is prompted for password for irrelevant public key

Bug #314899 reported by Quentin Smith
4
Affects Status Importance Assigned to Milestone
openssh (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

Ubuntu release: 8.10 (also exists in 8.04)
openssh-client package version: 1:5.1p1-3ubuntu1

When ssh'ing to any server, ssh prompts using a GUI dialog box for the password for any public keys in ~/.ssh, even if those public keys can't be used to authenticate to the server.

If you run ssh -vvv, you can see that the prompts happen before ssh even tries the publickey authentication method. In my particular use case, I am able to authenticate to servers with gssapi-with-mic, but I am still prompted in the GUI for my key's password before gssapi-with-mic authentication is tried. (This is not ssh choosing the wrong authentication method to try first; after canceling the prompt for my passphrase, the ssh client does try other authentication methods before publickey).

This bug is even seen when running ssh-agent and some but not all of the keys in ~/.ssh are loaded; ssh will prompt for the passphrases for unloaded keys before trying the keys that are already loaded.

Pressing cancel at any passphrase dialog boxes eventually lets ssh continue with the authentication successfully.

Revision history for this message
Caspar Clemens Mierau (leitmedium) wrote :

Thank you for taking the time to report this issue. I am marking this bug as invalid as it seems to be a mixture of default (wished) behaviour and not yet fully configurated ssh client. I suggest you to create or tune your ~/.ssh/config file where you can set specific settings for connections and check /etc/ssh/ssh_config against defaults.

You'll be interested in the setting:

     PreferredAuthentications
             Specifies the order in which the client should try protocol 2 authentication methods.
             This allows a client to prefer one method (e.g. keyboard-interactive) over another
             method (e.g. password) The default for this option is: “gssapi-with-mic, hostbased,
             publickey, keyboard-interactive, password”.

If you are sure that even this configuration is ignored, feel free to open this bug again and file your .ssh/config /without personal details) and your /etc/ssh/ssh_config.

Changed in openssh:
status: New → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.