User is prompted for password for irrelevant public key

Bug #314899 reported by Quentin Smith on 2009-01-07
4
Affects Status Importance Assigned to Milestone
openssh (Ubuntu)
Undecided
Unassigned

Bug Description

Ubuntu release: 8.10 (also exists in 8.04)
openssh-client package version: 1:5.1p1-3ubuntu1

When ssh'ing to any server, ssh prompts using a GUI dialog box for the password for any public keys in ~/.ssh, even if those public keys can't be used to authenticate to the server.

If you run ssh -vvv, you can see that the prompts happen before ssh even tries the publickey authentication method. In my particular use case, I am able to authenticate to servers with gssapi-with-mic, but I am still prompted in the GUI for my key's password before gssapi-with-mic authentication is tried. (This is not ssh choosing the wrong authentication method to try first; after canceling the prompt for my passphrase, the ssh client does try other authentication methods before publickey).

This bug is even seen when running ssh-agent and some but not all of the keys in ~/.ssh are loaded; ssh will prompt for the passphrases for unloaded keys before trying the keys that are already loaded.

Pressing cancel at any passphrase dialog boxes eventually lets ssh continue with the authentication successfully.

Thank you for taking the time to report this issue. I am marking this bug as invalid as it seems to be a mixture of default (wished) behaviour and not yet fully configurated ssh client. I suggest you to create or tune your ~/.ssh/config file where you can set specific settings for connections and check /etc/ssh/ssh_config against defaults.

You'll be interested in the setting:

     PreferredAuthentications
             Specifies the order in which the client should try protocol 2 authentication methods.
             This allows a client to prefer one method (e.g. keyboard-interactive) over another
             method (e.g. password) The default for this option is: “gssapi-with-mic, hostbased,
             publickey, keyboard-interactive, password”.

If you are sure that even this configuration is ignored, feel free to open this bug again and file your .ssh/config /without personal details) and your /etc/ssh/ssh_config.

Changed in openssh:
status: New → Invalid
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers