Page MenuHomePhabricator

Correctly identify more SSH private key problems as "formatting" or "passphrase" related
ClosedPublic

Authored by epriestley on Wed, Nov 13, 6:17 PM.

Details

Summary

Ref T13454. Fixes T13006. When a user provide us with an SSH private key and (possibly) a passphrase:

  1. Try to verify that they're correct by extracting the public key.
  2. If that fails, try to figure out why it didn't work.

Our success in step (2) will vary depending on what the problem is, and we may end up falling through to a very generic error, but the outcome should generally be better than the old approach.

Previously, we had a very unsophisticated test for the text "ENCRYPTED" in the key body and questionable handling of the results: for example, providing a passphrase when a key did not require one did not raise an error.

Test Plan

Created and edited credentials with:

  • Valid, passphrase-free keys.
  • Valid, passphrased keys with the right passphrase.
  • Valid, passphrase-free keys with a passphrase ("surplus passphrase" error).
  • Valid, passphrased keys with no passphrase ("missing passphrase" error).
  • Valid, passphrased keys with an invalid passphrase ("invalid passphrase" error).
  • Invalid keys ("format" error).

The precision of these errors will vary depending on how helpful "ssh-keygen" is.

Diff Detail

Repository
rP Phabricator
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

epriestley created this revision.Wed, Nov 13, 6:17 PM
epriestley requested review of this revision.Wed, Nov 13, 6:18 PM
This revision was not accepted when it landed; it landed in state Needs Review.Wed, Nov 13, 6:22 PM
This revision was automatically updated to reflect the committed changes.