Bug 7826 - No password prompt for unauthorized SSH key
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Client
Version: trunk
Hardware: PC Unknown
Importance: P2 Normal
Target Milestone: 4.15.0
Assignee: Pierre Ossman
Reported: 2022-01-26 10:37 CET by Frida Flodin
Modified: 2023-07-03 15:03 CEST

Description Frida Flodin cendio 2022-01-26 10:37:27 CET
If a user has a password-protected private key and no corresponding <key>.pub available, ThinLinc client should always prompt for the password when trying to connect with public key authentication. For some reason, this does not happen when the user is not authorized to connect to the server. If the user IS authorized the prompt is shown, as it should.

This is a regression in 4.13.0 and was probably broken when ssh was upgraded in 7524. The same behavior is found with clients on Ubuntu 20.04, Windows 11 and macOS 12.1.

To reproduce:
Use an unauthorized private key that is password-protected when trying to connect to the server.
- Make sure there is no <key>.pub in the same directory as the private key.

Expected result:
A password prompt should appear.

Actual result: 
No password prompt, instead the message that the user is not authorized is shown directly.

Comment 1 Pierre Ossman cendio 2023-07-03 15:01:17 CEST
This is the result of OpenSSH switching to using their own format for storing private keys, rather than using one of the existing PKCS formats. In their format, the public portion is always stored unencrypted before the (optionally) encrypted private key.

This fully explains the behaviour we are seeing, so there is no latent bug here.
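
The layout described in Comment 1, as an added example that is not part of the bug report or of ThinLinc's code: a minimal Python reader for the `openssh-key-v1` container that returns the public key blob from a passphrase-protected file without any passphrase. The sample key is constructed inline (fake ed25519 public bytes, filler bytes standing in for the encrypted section); `read_public_part` and `build_sample` are names chosen here.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\0"  # AUTH_MAGIC from OpenSSH's PROTOCOL.key

def _string(buf, off):
    """Read one SSH 'string': uint32 big-endian length, then that many bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:off + 4 + n], off + 4 + n

def read_public_part(pem_text):
    """Return (ciphername, kdfname, key_type, public_blob); no passphrase needed."""
    lines = pem_text.strip().splitlines()
    raw = base64.b64decode("".join(l for l in lines if not l.startswith("-----")))
    if not raw.startswith(MAGIC):
        raise ValueError("not an openssh-key-v1 file")
    off = len(MAGIC)
    cipher, off = _string(raw, off)
    kdf, off = _string(raw, off)
    _kdfopts, off = _string(raw, off)
    if off + 4 > len(raw):
        raise ValueError("truncated key count")
    (nkeys,) = struct.unpack_from(">I", raw, off)
    if nkeys != 1:
        raise ValueError("expected exactly one key")
    pub, off = _string(raw, off + 4)     # public key: stored in the clear
    _encrypted, off = _string(raw, off)  # private section: the only encrypted part
    key_type, _ = _string(pub, 0)
    return cipher.decode(), kdf.decode(), key_type.decode(), pub

def _pack(b):
    return struct.pack(">I", len(b)) + b

def build_sample():
    """Constructed sample file: fake public key, filler bytes as 'ciphertext'."""
    pub = _pack(b"ssh-ed25519") + _pack(bytes(range(32)))
    kdfopts = _pack(b"\x00" * 16) + struct.pack(">I", 16)  # salt, rounds
    raw = (MAGIC + _pack(b"aes256-ctr") + _pack(b"bcrypt") + _pack(kdfopts)
           + struct.pack(">I", 1) + _pack(pub) + _pack(b"\xaa" * 64))
    b64 = base64.b64encode(raw).decode()
    body = [b64[i:i + 70] for i in range(0, len(b64), 70)]
    return "\n".join(["-----BEGIN OPENSSH PRIVATE KEY-----", *body,
                      "-----END OPENSSH PRIVATE KEY-----"])

if __name__ == "__main__":
    cipher, kdf, key_type, pub = read_public_part(build_sample())
    print(f"cipher={cipher} kdf={kdf} type={key_type} pub={base64.b64encode(pub).decode()}")
```

A cipher name other than `none` in the output means the private section is encrypted, yet the public blob is still returned.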
