Page MenuHomePhabricator

Correctly identify more SSH private key problems as "formatting" or "passphrase" related
ClosedPublic

Authored by epriestley on Nov 13 2019, 6:17 PM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Nov 18, 6:49 PM
Unknown Object (File)
Oct 25 2024, 1:20 PM
Unknown Object (File)
Oct 9 2024, 12:46 PM
Unknown Object (File)
Oct 3 2024, 2:04 PM
Unknown Object (File)
Oct 3 2024, 1:18 AM
Unknown Object (File)
Oct 3 2024, 1:18 AM
Unknown Object (File)
Oct 3 2024, 1:17 AM
Unknown Object (File)
Oct 3 2024, 1:05 AM
Subscribers
None

Details

Summary

Ref T13454. Fixes T13006. When a user provide us with an SSH private key and (possibly) a passphrase:

  1. Try to verify that they're correct by extracting the public key.
  2. If that fails, try to figure out why it didn't work.

Our success in step (2) will vary depending on what the problem is, and we may end up falling through to a very generic error, but the outcome should generally be better than the old approach.

Previously, we had a very unsophisticated test for the text "ENCRYPTED" in the key body and questionable handling of the results: for example, providing a passphrase when a key did not require one did not raise an error.

Test Plan

Created and edited credentials with:

  • Valid, passphrase-free keys.
  • Valid, passphrased keys with the right passphrase.
  • Valid, passphrase-free keys with a passphrase ("surplus passphrase" error).
  • Valid, passphrased keys with no passphrase ("missing passphrase" error).
  • Valid, passphrased keys with an invalid passphrase ("invalid passphrase" error).
  • Invalid keys ("format" error).

The precision of these errors will vary depending on how helpful "ssh-keygen" is.

Diff Detail

Repository
rP Phabricator
Branch
ssh1
Lint
Lint Passed
Unit
Tests Passed
Build Status
Buildable 23653
Build 32516: Run Core Tests
Build 32515: arc lint + arc unit