User is prompted for password for irrelevant public key
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
openssh (Ubuntu) | Invalid | Undecided | Unassigned |
Bug Description
Ubuntu release: 8.10 (also exists in 8.04)
openssh-client package version: 1:5.1p1-3ubuntu1
When ssh'ing to any server, ssh prompts using a GUI dialog box for the password for any public keys in ~/.ssh, even if those public keys can't be used to authenticate to the server.
If you run ssh -vvv, you can see that the prompts happen before ssh even tries the publickey authentication method. In my particular use case, I am able to authenticate to servers with gssapi-with-mic, but I am still prompted in the GUI for my key's password before gssapi-with-mic authentication is tried. (This is not ssh choosing the wrong authentication method to try first; after canceling the prompt for my passphrase, the ssh client does try other authentication methods before publickey).
This bug is even seen when running ssh-agent and some but not all of the keys in ~/.ssh are loaded; ssh will prompt for the passphrases for unloaded keys before trying the keys that are already loaded.
Pressing cancel at any passphrase dialog boxes eventually lets ssh continue with the authentication successfully.
Thank you for taking the time to report this issue. I am marking this bug as invalid as it seems to be a mixture of default (wished) behaviour and a not yet fully configured ssh client. I suggest you create or tune your ~/.ssh/config file, where you can set specific settings for connections, and check /etc/ssh/ssh_config against the defaults.
You'll be interested in the setting:
PreferredAuthentications
Specifies the order in which the client should try protocol 2 authentication methods. This allows a client to prefer one method (e.g. keyboard-interactive) over another method (e.g. password). The default for this option is: “gssapi-with-mic, hostbased, publickey, keyboard-interactive, password”.
If you are sure that even this configuration is ignored, feel free to open this bug again and file your .ssh/config (without personal details) and your /etc/ssh/ssh_config.
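
A per-host ~/.ssh/config of the kind the reply above suggests, as an added example that is not part of the bug report or its comments. The host patterns and the key file name are placeholders.

```sshconfig
# ~/.ssh/config (constructed example; host patterns and key path are placeholders)
# ssh uses the first value it obtains for each option, so the specific
# Host blocks must come before the catch-all "Host *" block.

# Kerberos-enabled hosts: try GSSAPI first and do not attempt publickey.
Host *.krb.example.org
    GSSAPIAuthentication yes
    PreferredAuthentications gssapi-with-mic,keyboard-interactive,password
    PubkeyAuthentication no

# A host that does use a key: offer only the identity named here,
# even if an agent holds other keys.
Host git.example.org
    IdentityFile ~/.ssh/id_rsa_git
    IdentitiesOnly yes
    PreferredAuthentications publickey

# Everything else: the default order quoted above, stated explicitly.
Host *
    PreferredAuthentications gssapi-with-mic,hostbased,publickey,keyboard-interactive,password
```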