Bug 7313 - Bad error message for wrong type of SSH key
Summary: Bad error message for wrong type of SSH key
Status: CLOSED FIXED
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Client
Version: trunk
Hardware: PC All
Importance: P2 Normal
Target Milestone: 4.14.0
Assignee: Niko Lehto
URL:
Keywords: linma_tester, relnotes
Depends on:
Blocks:
 
Reported: 2019-03-05 16:24 CET by Samuel Mannehed
Modified: 2021-09-09 10:36 CEST

See Also:
Acceptance Criteria:
The user will get a clear error message in the case of the given SSH key file being of a wrong type. Examples of bad key files we should be able to show better messages for:

- Public key given instead of private key file
- putty .ppk key
- Too short key
- Wrong/unknown type of key


Attachments
Private rsa key that is too short (1016 bytes, application/octet-stream)
2021-09-06 15:35 CEST, Niko Lehto
Public rsa key that is too short (223 bytes, application/vnd.ms-publisher)
2021-09-06 15:35 CEST, Niko Lehto

Description Samuel Mannehed cendio 2019-03-05 16:24:58 CET
When using public key authentication and the user chooses the wrong type of key, the client will display "You are not authorized to connect to this server". This error message is not very helpful to the user.

Examples of wrong types of keys:

* putty .ppk key
* Choosing the public key instead of the private one

Also see bug 5317 and bug 7207.
Comment 5 Niko Lehto cendio 2021-09-02 15:52:16 CEST
Tested solution on Fedora 33 server and client with an RSA key pair.

✓ Normal login (Password)
✓ Login with public key authentication
✓ We still get "You are not authorized to connect to this server" when trying to connect to a server without agent in authorized_keys.
✓ Providing a .ppk file will now say "The specified key has an incorrect format. Please check that the provided path is correct."
✓ Providing a file with too open permissions will also give an error message now. "The specified key has too open permissions. Please check that the provided path is correct." This most likely happens when you provide a key.pub file or other bad files.

We should check if we should handle more error messages from OpenSSH.
Comment 9 Niko Lehto cendio 2021-09-06 15:34:14 CEST
Tested my changes on Fedora 33 server/client:
✓ We now get a message specific for too short keys.

I had to bypass checks in ssh-keygen to make the short key for testing purposes, so I'll attach them here so that the tester can use them.
Comment 10 Niko Lehto cendio 2021-09-06 15:35:27 CEST
Created attachment 996
Private rsa key that is too short
Comment 11 Niko Lehto cendio 2021-09-06 15:35:57 CEST
Created attachment 997
Public rsa key that is too short
Comment 12 Linn cendio 2021-09-09 10:36:12 CEST
Tested with server build 2265 and client build 2185, both on Ubuntu 20.04. Everything works as expected, and the error messages look good.

 ✓ Normal login (Password)
 ✓ Login with public key authentication

 ✓ We still get "You are not authorized to connect to this server" when trying to connect to a server without agent in authorized_keys.
 ✓ Providing a .ppk file will now say "The specified key has an incorrect format. Please check that the provided path is correct."
 ✓ Providing a file with too open permissions will also give an error message now. "The specified key has too open permissions. Please check that the provided path is correct."
 ✓ We now get a message specific for too short keys.
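
A pre-flight check for the bad key files discussed in this bug, as an added example that is not ThinLinc's code or its fix: it looks at the first line and the file mode of the chosen key file and names the problem. The function names, return labels and sample file contents are assumptions constructed for illustration.

```python
import os
import tempfile

PUBLIC_PREFIXES = ("ssh-rsa ", "ssh-ed25519 ", "ssh-dss ", "ecdsa-sha2-", "sk-")

def classify_key_file(path):
    """Return ok, unreadable, putty_ppk, public_key, unknown_format or too_open."""
    try:
        mode = os.stat(path).st_mode
        with open(path, "rb") as fh:
            head = fh.read(4096).decode("ascii", "replace").lstrip()
    except OSError:
        return "unreadable"
    first = (head.splitlines() or [""])[0].strip()
    # Content checks run first so a .pub or .ppk file is named as such.
    if first.startswith("PuTTY-User-Key-File-"):
        return "putty_ppk"
    if first.startswith(PUBLIC_PREFIXES) or ("BEGIN" in first and "PUBLIC KEY" in first):
        return "public_key"
    if not (first.startswith("-----BEGIN ") and first.endswith("PRIVATE KEY-----")):
        return "unknown_format"
    # OpenSSH refuses private key files accessible by group or others.
    if mode & 0o077:
        return "too_open"
    return "ok"

def demo():
    """Classify constructed sample files (no real key material)."""
    private = "-----BEGIN OPENSSH PRIVATE KEY-----\nCONSTRUCTED\n"
    samples = {
        "id_rsa": (private, 0o600),
        "id_rsa_open": (private, 0o644),
        "id_rsa.pub": ("ssh-rsa AAAACONSTRUCTED user@example\n", 0o644),
        "key.ppk": ("PuTTY-User-Key-File-2: ssh-rsa\n", 0o600),
        "notes.txt": ("not a key\n", 0o600),
    }
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, (text, mode) in samples.items():
            path = os.path.join(d, name)
            with open(path, "w") as fh:
                fh.write(text)
            os.chmod(path, mode)
            results[name] = classify_key_file(path)
        results["absent"] = classify_key_file(os.path.join(d, "absent"))
    return results

if __name__ == "__main__":
    print(demo())
```

Key length is not checked here; the too-short case needs the key material parsed.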
