
respect ssh-add's -c (confirm) option
Closed, Resolved (Public)

Description

the ssh-add program that interfaces with gpg-agent's ssh-agent implementation has
an option to set a key to "always confirm", that is, every time a key is used, the
ssh agent should ask the user for confirmation (not for the passphrase again).

this option is not respected by gpg-agent, as can be seen for example from the
description of the file format of .gnupg/sshcontrol.

i suggest that gpg-agent respect that option, add a flag to the sshcontrol format
(there is already a '!' prefix, maybe add '?' to indicate the confirm constraint?)
and call pinentry in an appropriate fashion.

the pinentry thing is especially important -- the ssh-agent implementations
ssh-askpass-gnome and ssh-askpass-fullscreen present a pin entry dialog which needs to
be confirmed without actually entering text, creating quite some confusion. i
suppose this is related to the way ssh-askpass is called (it doesn't take
arguments). pinentry could excel here because the CONFIRM command is already
implemented in the clients.

from looking at the source code, i see that SSH_OPT_CONSTRAIN_CONFIRM is already
evaluated, but stored in a confirm variable which is later unused. there's a FIXME
"are constraints used correctly?" -- does this make the bug "already known"? (i
dare to file it anyway.)

Details

Version
2.0.17

Event Timeline

chrysn added projects: Feature Request, gnupg.
chrysn added a subscriber: chrysn.
werner added a subscriber: werner.

Good idea. I started to implement it for 2.1. There will be a flag in the
sshcontrol file named "confirm". Need to compute the ssh fingerprint to
resemble the prompt ssh-agent prints (internally we use our keygrip style
fingerprints).

concerning the prompt: would it be possible to look up and display the key name
from id_rsa.pub, either at ssh-add time or at confirm time? i might remember
remote host fingerprints, but locally, those names are the best description.

as a fallback before using the fingerprint, the key file name could be used; in
that case, the name would have to be remembered from ssh-add.

All implemented for 2.1.

The fingerprint is now always displayed and
gpg-connect-agent 'KEYINFO --list --ssh-fpr' /bye
lists all keys with their ssh fingerprints.

The problem with the key name is that ssh-add does not send the comment field to
the agent but uses filename as comment. Thus we have no way to know it. The
comment (and thus the filename) is now always printed.

You may use a binary editor and change the comment field in the respective
~/.gnupg/private-dirs-v1.d/XXXXXXXXXX.key file.
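
As an added illustration (not code from GnuPG or from this ticket) of the two pieces the thread touches: how the confirm constraint set by ssh-add -c arrives in the agent's ADD_ID_CONSTRAINED request, and how it ends up as the "confirm" flag of an sshcontrol line. The message-type and constraint numbers are those of the ssh-agent protocol; the sample request, its comment and the keygrip are constructed, and the keygrip computation itself is left out.

```python
import struct

# ssh-agent protocol values (draft-miller-ssh-agent); ssh-add -c sends
# ADD_ID_CONSTRAINED with a CONFIRM constraint appended after the comment.
SSH_AGENTC_ADD_IDENTITY = 17
SSH_AGENTC_ADD_ID_CONSTRAINED = 25
SSH_AGENT_CONSTRAIN_LIFETIME = 1   # followed by a uint32 number of seconds
SSH_AGENT_CONSTRAIN_CONFIRM = 2    # no payload

# Number of length-prefixed private-key fields that follow the key type.
PRIVKEY_FIELDS = {"ssh-rsa": 6, "ssh-dss": 5, "ssh-ed25519": 2,
                  "ecdsa-sha2-nistp256": 3}

def _read_string(buf, off):
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n

def parse_add_identity(msg):
    """Return key type, comment and the constraints carried by an
    ADD_IDENTITY / ADD_ID_CONSTRAINED request body (first byte = type)."""
    if msg[0] not in (SSH_AGENTC_ADD_IDENTITY, SSH_AGENTC_ADD_ID_CONSTRAINED):
        raise ValueError("not an add-identity request: %d" % msg[0])
    key_type, off = _read_string(msg, 1)
    key_type = key_type.decode()
    for _ in range(PRIVKEY_FIELDS[key_type]):   # skip the key material itself
        _, off = _read_string(msg, off)
    comment, off = _read_string(msg, off)
    info = {"key_type": key_type, "comment": comment.decode(),
            "confirm": False, "lifetime": None}
    while off < len(msg):                       # constraint trailer, if any
        ctype, off = msg[off], off + 1
        if ctype == SSH_AGENT_CONSTRAIN_CONFIRM:
            info["confirm"] = True
        elif ctype == SSH_AGENT_CONSTRAIN_LIFETIME:
            (info["lifetime"],) = struct.unpack_from(">I", msg, off)
            off += 4
        else:
            raise ValueError("unsupported constraint %d" % ctype)
    return info

def sshcontrol_line(keygrip, info):
    """Render the entry gpg-agent 2.1 keeps in sshcontrol for this key:
    '<keygrip> <ttl> [confirm]' (ttl 0 = no expiry; '!' prefix would disable)."""
    return "%s %d%s" % (keygrip, info["lifetime"] or 0,
                        " confirm" if info["confirm"] else "")

def _s(b):
    return struct.pack(">I", len(b)) + b

# Constructed request: ed25519 key added with 'ssh-add -c -t 3600'; as noted
# in the ticket, ssh-add sends the key file name as the comment field.
SAMPLE = (bytes([SSH_AGENTC_ADD_ID_CONSTRAINED]) + _s(b"ssh-ed25519")
          + _s(b"\x00" * 32) + _s(b"\x00" * 64) + _s(b"/home/user/.ssh/id_ed25519")
          + bytes([SSH_AGENT_CONSTRAIN_LIFETIME]) + struct.pack(">I", 3600)
          + bytes([SSH_AGENT_CONSTRAIN_CONFIRM]))
```

Running `sshcontrol_line("<KEYGRIP>", parse_add_identity(SAMPLE))` yields the "... 3600 confirm" entry; the same request sent as plain ADD_IDENTITY (type 17, no trailer) yields "... 0" with no flag.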

werner removed a project: In Progress.
werner claimed this task.
werner removed a project: Restricted Project.