Gentoo Archives: gentoo-user

From: Ian Zimmerman <itz@××××××××××××.org>
To: Gentoo-User Mailinglist <gentoo-user@l.g.o>
Subject: [gentoo-user] Strange and potentially unsafe openssh feature
Date: Thu, 28 Nov 2019 22:16:06
Message-Id: 20191128221552.eqojjlmnc56sil6t@matica.foolinux.mooo.com
For my ssh keys that require passphrases, I use ssh-agent to cache the
decrypted key so I don't have to type the passphrase every time.  Until
yesterday there was only one such key; last night I added a new one
[1].  And, being the lazy thinker I am, I used the same passphrase as
for the old one.

Now, I find that when I run ssh-add to tell ssh-agent about my keys,
_both_ are added to the session after asking me the passphrase only
once!  This can only be secure and correct if the agent somehow compares
the passphrases and knows they are the same; even then, it is _very_
surprising.  Have you seen this and how do you explain it?

[1]
It was necessary to create a new rsa type key because of a stupid server
which doesn't understand ecdsa keys.

-- 
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet and on broken lists
which rewrite From, fetch the TXT record for no-use.mooo.com.
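The behaviour asked about above is in ssh-add itself, not in the agent: ssh-add keeps the last passphrase it was given and, for each further key on the command line, first tries the empty passphrase and then that remembered one before it prompts again. There is no comparison of passphrases; the "check" is simply a successful decryption of the next key, and ssh-agent only ever receives the already-decrypted private keys. The script below is an added example, not part of the thread, that reproduces this with two throwaway keys (an ECDSA key and an RSA key, as in the post) and a fake SSH_ASKPASS helper that counts how often ssh-add asks for a passphrase. It assumes ssh-keygen, ssh-agent and ssh-add are installed; the key names, passphrases and helper script are all constructed here.

```shell
#!/bin/sh
# Added example (not from the thread): reproduce "two keys, one prompt" with ssh-add.
# Assumes OpenSSH client tools on PATH. Key names, passphrases and the askpass
# helper are constructed for the experiment.

# Usage: ssh_add_prompt_count PASS_ECDSA PASS_RSA
# Creates two passphrase-protected keys in a temp dir, adds both with a single
# `ssh-add` run, and prints "prompts=<askpass calls> loaded=<keys in agent>".
ssh_add_prompt_count() {
    _p1=$1; _p2=$2
    if ! command -v ssh-keygen >/dev/null 2>&1 || \
       ! command -v ssh-agent  >/dev/null 2>&1 || \
       ! command -v ssh-add    >/dev/null 2>&1; then
        echo "skip"            # no OpenSSH client tools on this host
        return 0
    fi
    _dir=$(mktemp -d) || return 1

    # Two keys, mirroring the post: an existing ECDSA key and a new RSA key.
    ssh-keygen -q -t ecdsa -N "$_p1" -f "$_dir/key_ecdsa" -C ecdsa-test
    ssh-keygen -q -t rsa -b 2048 -N "$_p2" -f "$_dir/key_rsa" -C rsa-test

    # Fake askpass program: logs every call and answers with the passphrase
    # belonging to the key named in the prompt ssh-add passes as $1.
    cat > "$_dir/askpass.sh" <<'EOF'
#!/bin/sh
printf 'prompt: %s\n' "$1" >> "$ASKPASS_LOG"
case "$1" in
    *key_ecdsa*) printf '%s\n' "$PASS_ECDSA" ;;
    *)           printf '%s\n' "$PASS_RSA" ;;
esac
EOF
    chmod 700 "$_dir/askpass.sh"
    : > "$_dir/askpass.log"

    # Private agent for the experiment so the caller's real agent is untouched.
    _saved_sock=${SSH_AUTH_SOCK:-}; _saved_pid=${SSH_AGENT_PID:-}
    eval "$(ssh-agent -s)" >/dev/null

    # stdin is not a tty, DISPLAY is set and SSH_ASKPASS_REQUIRE=force (8.4+),
    # so ssh-add asks our helper instead of the terminal. Exit status is
    # ignored here; the outcome is measured below.
    ASKPASS_LOG="$_dir/askpass.log" PASS_ECDSA="$_p1" PASS_RSA="$_p2" \
    DISPLAY=:0 SSH_ASKPASS="$_dir/askpass.sh" SSH_ASKPASS_REQUIRE=force \
        ssh-add "$_dir/key_ecdsa" "$_dir/key_rsa" </dev/null >/dev/null 2>&1 || :

    _prompts=$(wc -l < "$_dir/askpass.log" | tr -d ' ')
    _loaded=$(ssh-add -l 2>/dev/null | wc -l | tr -d ' ')

    ssh-agent -k >/dev/null 2>&1
    SSH_AUTH_SOCK=$_saved_sock; SSH_AGENT_PID=$_saved_pid
    rm -rf "$_dir"
    echo "prompts=$_prompts loaded=$_loaded"
}

# Run with --demo to see both cases side by side.
if [ "${1:-}" = "--demo" ]; then
    echo "same passphrase:      $(ssh_add_prompt_count hunter2 hunter2)"
    echo "different passphrase: $(ssh_add_prompt_count hunter2 correct-horse)"
fi
```

With the same passphrase for both keys the helper is called once and both keys end up in the agent; with different passphrases it is called twice, because the remembered passphrase fails on the second key and ssh-add falls back to prompting. The practical consequence is the one the poster suspected: a shared passphrase means one prompt unlocks every key that uses it, which is no weaker than reusing the passphrase already was, but it does mean ssh-add holds the typed passphrase in memory for the whole run rather than discarding it after each key.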

Replies

Subject Author
Re: [gentoo-user] Strange and potentially unsafe openssh feature Mick <michaelkintzios@×××××.com>