openssh-portable

ssh-keygen: print keyfile when reading passphrase

Open qwerty287 opened this issue 1 year ago • 12 comments

Hello!

When ssh-keygen needs a passphrase to decrypt a private key, it just prints the message `Enter passphrase:`.

However, applications like KSSHAskPass are using this prompt to determine which key is currently being used so the correct passphrase can be requested from the password stores.

This changes the message to the one used for most other requests, `Enter passphrase for key '…':`.

I have never developed in C before, so if there's something that needs a change, please just comment!

Thanks!

qwerty287, Jun 29 '24 11:06

I think this output should only be optional, activated by a commandline-switch. Adding additional screen-output by default could break any existing scripts that use ssh-keygen, for example automation-scripts that are used in UI-wizards when installing a fresh Linux distribution. So I'd suggest to have that output disabled by default and add another commandline-option to enable it.

ChrisTG742, Jul 01 '24 14:07

I understand your point, but unfortunately this wouldn't solve my initial problem because I don't call ssh-keygen myself (my problem is git committing with ssh signature). Maybe this could be done using an env var instead?

qwerty287, Jul 01 '24 19:07

@ChrisTG742 What do you think about my suggestion?

qwerty287, Jul 15 '24 18:07

> @ChrisTG742 What do you think about my suggestion?

Sounds reasonable to me. However, it's not up to me to decide as I'm not the maintainer of this repo. I just indicate that it could cause trouble if you change the standard-output.

ChrisTG742, Jul 16 '24 14:07

@djmdjm I assume you're the maintainer here? Maybe you can take a look at my changes now?

qwerty287, Jul 16 '24 17:07

@djmdjm Sorry for mentioning you again - but could you either take a look at my changes or tell me how I should go on with this?

qwerty287, Aug 18 '24 18:08

Hey @djmdjm I would like to get that done. Could you review my changes?

qwerty287, Aug 27 '24 10:08

Hello @djmdjm please tell me what to do. It is really frustrating to see this just getting ignored completely.

qwerty287, Sep 07 '24 06:09

IMO the best solution here is to make read_passphrase() accept a printf(3)-style format string. Then it will be trivial to add the filename wherever it is used. I'll take a look at this, but I'm not sure it will make the 9.9 release.

djmdjm, Sep 09 '24 08:09
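
The printf(3)-style approach suggested in the comment above, sketched as an added example; this is not OpenSSH's code and not code from this thread. `prompt_fmt` and `key_prompt` are hypothetical names, the sample path is constructed, and replacing control characters in the file name is an extra assumption that the thread does not discuss.

```c
#include <ctype.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: build a prompt from a printf(3)-style format.
 * The format attribute makes the compiler check every caller's arguments. */
char *prompt_fmt(const char *fmt, ...) __attribute__((format(printf, 1, 2)));

char *prompt_fmt(const char *fmt, ...)
{
    va_list ap, ap2;
    char *buf;
    int len;

    va_start(ap, fmt);
    va_copy(ap2, ap);
    len = vsnprintf(NULL, 0, fmt, ap);          /* first pass: size only */
    va_end(ap);
    if (len < 0 || (buf = malloc((size_t)len + 1)) == NULL) {
        va_end(ap2);
        return NULL;
    }
    vsnprintf(buf, (size_t)len + 1, fmt, ap2);  /* second pass: fill */
    va_end(ap2);
    return buf;                                 /* caller frees */
}

/* Hypothetical caller: the key path is always an argument, never the format
 * string, so '%' sequences in a file name are printed literally. Control
 * bytes are replaced so a file name cannot inject terminal escapes. */
char *key_prompt(const char *filename)
{
    char safe[256];
    size_t i;

    for (i = 0; filename[i] != '\0' && i < sizeof(safe) - 1; i++)
        safe[i] = iscntrl((unsigned char)filename[i]) ? '?' : filename[i];
    safe[i] = '\0';
    return prompt_fmt("Enter passphrase for key '%s': ", safe);
}

int main(void)
{
    char *p = key_prompt("/home/user/.ssh/id_ed25519"); /* constructed path */
    if (p == NULL) return 1;
    puts(p);
    free(p);
    return 0;
}
```

An askpass helper that matches on the prompt text, as described in the issue, can then recover the key path from between the single quotes.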

@djmdjm looks like 9.9 was released now, so what's the state of this issue?

qwerty287, Sep 22 '24 12:09

Hey @djmdjm, what's the state here? 9.9 was released

qwerty287, Oct 06 '24 05:10

@djmdjm It's really frustrating seeing PRs like this completely ignored. You wrote a comment once and it looks like this resolved the issue for you. Please tell me how I can help here.

qwerty287, Oct 20 '24 06:10

@djmdjm Please actually respond to me. I'll close this in the next days otherwise. If you're not interested in a better openssh, that's sad but I can't change it.

qwerty287, Oct 28 '24 06:10

@djmdjm I'm closing this now. It's really frustrating and sad that I do not get any answers from you. Feel free to come back to this again if I can do something.

qwerty287, Nov 02 '24 08:11