SSH logs in without supplying a password when clicking Cancel
Submitted by bertenvdb
Link to original bug (#761443)
Description
When using seahorse-ssh-askpass for authenticating an ssh session within the terminal emulator, a window pops up saying: Enter password to unlock the private key. It expects the passphrase for my ssh key, and this is the behavior I expect. But when no password or a wrong password is supplied and I click cancel, my ssh session gets logged in correctly nonetheless. This seems unwanted behavior.
When my keyring is locked this also happens. I just started using seahorse so not sure whether my ssh keys are protected with the master password for the keychain with my other passwords.
To be clear:
- I lock my keyring in seahorse and close (and verify it's not running anymore).
- I start a new terminal-emulator which checks whether seahorse-daemon and gnome-keyring-daemon are running (see bash_profile below)
- If I start an ssh session for a host where I've already keyed in the ssh passphrase in the dialog that pops up or I start a session to a host for which I've never keyed in the passphrase, I just get access to the server.
Maybe I'm not fully understanding the seahorse concept, but it seems I've lost the extra security of the passphrases for my ssh keys.
I run Debian Gnu/Linux and these are the steps I did to install/configure:
- Installed gnome-keyring and seahorse
- Added env SSH_ASKPASS=/usr/lib/seahorse/seahorse-ssh-askpass
- Added to .bash_profile: if [ -n "$DESKTOP_SESSION" ];then eval $(/usr/bin/gnome-keyring-daemon --start --components=pkcs11,secrets,ssh) export SSH_AUTH_SOCK eval $(seahorse-daemon --start) export SSH_AUTH_SOCK fi
Specs: Linux jadzia 3.16.0-4-amd64 #1 (closed) SMP Debian 3.16.7-ckt11-1+deb8u6 (2015-11-09) x86_64 GNU/Linux seahorse 3.14.0 GNUPG: /usr/bin/gpg (1.4.18) gnome-keyring: 3.14.0 Terminator 0.97 GNU bash, version 4.3.30(1)-release (x86_64-pc-linux-gnu) Openbox 3.5.2
Kind Regards, Berten
Version: 3.14.x