Re: Better reporting for signature algorithm mismatch?

On 05/12/2024 10:16, Jochen Bern wrote:
> Wouldn't the extra output, even in cases where a different keypair succeeds later on, threaten to hose applications that expect the connection to be transparent (or fail completely)? As in, rsync, git, etc.?

I don't think it would be a problem. There are many other cases where the ssh client inserts messages in normal operation, such as saying the host key is unknown and prompting you to accept it, or password/passphrase/keyboard-interactive authentication.

Also, the remote host itself can generate extra messages on stderr: on a git push/pull for example, I often get messages such as what URL to use to make a merge request. Any reasonable client is going to pass these through.


> *If* the login fails *altogether*, however, doing a "post mortem" and adding a line to the effect of "oh, by the way, *one* of the keypairs failed only because of rare condition XY" could still be helpful.

That would be good enough. Something like "One or more keypairs could not be used because no mutual signature algorithm".  Ideally it would be shown *before* the password prompt when falling back to password auth after key auth has failed.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



