Page MenuHomePhabricator

Correctly identify more SSH private key problems as "formatting" or "passphrase" related

Authored by epriestley on Nov 13 2019, 6:17 PM.
Referenced Files
F13246403: D20905.id49826.diff
Thu, May 23, 10:01 AM
F13210680: D20905.diff
Fri, May 17, 5:06 AM
F13196194: D20905.diff
Sun, May 12, 11:03 PM
Thu, May 9, 3:32 PM
Unknown Object (File)
Mon, May 6, 6:00 PM
Unknown Object (File)
Sun, May 5, 8:31 PM
Unknown Object (File)
Fri, May 3, 3:21 AM
Unknown Object (File)
Mon, Apr 29, 2:49 PM



Ref T13454. Fixes T13006. When a user provide us with an SSH private key and (possibly) a passphrase:

  1. Try to verify that they're correct by extracting the public key.
  2. If that fails, try to figure out why it didn't work.

Our success in step (2) will vary depending on what the problem is, and we may end up falling through to a very generic error, but the outcome should generally be better than the old approach.

Previously, we had a very unsophisticated test for the text "ENCRYPTED" in the key body and questionable handling of the results: for example, providing a passphrase when a key did not require one did not raise an error.

Test Plan

Created and edited credentials with:

  • Valid, passphrase-free keys.
  • Valid, passphrased keys with the right passphrase.
  • Valid, passphrase-free keys with a passphrase ("surplus passphrase" error).
  • Valid, passphrased keys with no passphrase ("missing passphrase" error).
  • Valid, passphrased keys with an invalid passphrase ("invalid passphrase" error).
  • Invalid keys ("format" error).

The precision of these errors will vary depending on how helpful "ssh-keygen" is.

Diff Detail

rP Phabricator
Lint Not Applicable
Tests Not Applicable