Bug 21135 - ssh-add with no args doesn't attempt to use same passphrase for both RSA and DSA keys
Status: CLOSED WONTFIX
Product: Red Hat Linux
Classification: Retired
Component: openssh
Version: 7.0
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Nalin Dahyabhai
Keywords: FutureFeature
Reported: 2000-11-20 12:58 EST by David Woodhouse
Modified: 2008-05-01 11:37 EDT
Doc Type: Enhancement
Last Closed: 2000-11-20 12:58:28 EST
Attachments:
patch to provide requested functionality (1.78 KB, patch), 2001-01-07 17:15 EST, David Woodhouse

Description David Woodhouse 2000-11-20 12:58:25 EST
On most machines I now have both RSA and DSA keys, for connecting to SSHv1
or SSHv2 hosts respectively. I tend to give the keys the same passphrase -
I'm sure many people do the same. 

When adding both RSA and DSA keys, I believe ssh-add should attempt to
re-use the first passphrase given for the second key, and only prompt for a
second time if it fails.
Comment 1 Nalin Dahyabhai 2000-11-20 15:42:32 EST
After a passphrase is read in and ssh-add attempts to use it to decrypt a key
file, it takes care to clear the memory used.  This leads me to believe that
reusing passphrases in this manner would be a Bad Thing.
Comment 2 David Woodhouse 2001-01-07 17:11:46 EST
Remembering the passphrase for the duration of a single invocation of ssh-add
wouldn't open any new vulnerability. If you're paranoid about an attacker being
able to control/crash ssh-add and read the passphrase then the same applies to
getting decrypted keys from ssh-agent and you shouldn't be using them at all.
Comment 3 David Woodhouse 2001-01-07 17:15:04 EST
Created attachment 7207
patch to provide requested functionality
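
The behaviour requested in the description, combined with the memory clearing that Comment 1 refers to, as an added example; it is not the attached patch and not OpenSSH code. `struct key`, `struct prompter`, `try_decrypt` and `add_keys` are hypothetical names, and key decryption is simulated by a string comparison on constructed data.

```c
#include <stdio.h>
#include <string.h>
#define PASS_MAX 128

/* Constructed stand-in for an encrypted key file (hypothetical, not OpenSSH):
 * "decryption" succeeds when the candidate matches the stored passphrase. */
struct key { const char *name; const char *pass; };
/* Constructed prompt source: scripted answers, counts prompts shown. */
struct prompter { const char **answers; int count; int used; };

/* Zero through a volatile pointer so the compiler cannot drop the stores. */
static void scrub(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

static int try_decrypt(const struct key *k, const char *c) { return strcmp(k->pass, c) == 0; }

static int prompt(struct prompter *p, char *out) {
    if (p->used >= p->count) return 0;          /* user gave up */
    snprintf(out, PASS_MAX, "%s", p->answers[p->used++]);
    return 1;
}

/* Try the last good passphrase on each key before prompting. Returns keys
 * loaded; cache (PASS_MAX bytes, caller-owned) is scrubbed before return. */
static int add_keys(const struct key *keys, int n, struct prompter *p, char *cache) {
    char entry[PASS_MAX] = {0};
    int have = 0, loaded = 0;
    for (int i = 0; i < n; i++) {
        if (have && try_decrypt(&keys[i], cache)) { loaded++; continue; }
        if (!prompt(p, entry)) break;           /* cached one failed or none yet */
        if (try_decrypt(&keys[i], entry)) {     /* a wrong entry skips this key */
            memcpy(cache, entry, PASS_MAX);     /* remember for the next key only */
            have = 1; loaded++;
        }
        scrub(entry, sizeof entry);
    }
    scrub(cache, PASS_MAX);                     /* nothing outlives this invocation */
    return loaded;
}

int main(void) {
    const char *typed[] = { "constructed passphrase" };
    struct key keys[] = { {"rsa", "constructed passphrase"}, {"dsa", "constructed passphrase"} };
    struct prompter p = { typed, 1, 0 };
    char cache[PASS_MAX];
    int n = add_keys(keys, 2, &p, cache);
    printf("loaded %d keys with %d prompt(s)\n", n, p.used);
}
```

The cached copy exists only between the first successful decryption and the return from `add_keys`, which is the "duration of a single invocation" window discussed in Comment 2.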
