Local Items Keychain breaks SSH-agent
| Originator: | pepi.zawodsky | ||
| Number: | rdar://15655701 | Date Originated: | 13-Dec-2013 01:35 PM |
| Status: | Open | Resolved: | |
| Product: | OS X | Product Version: | 10.9.0 (13603) |
| Classification: | Serious Bug | Reproducible: | Always |
Summary: The forcing of Local Items keychain breaks the functionality of SSH Agent. Steps to Reproduce: Have the passwords to your SSH private keys on any keychain but the “Local Items” keychain. try to ssh with a connection that makes use of a private key whose password is on said keychain. Expected Results: SSH-agent should just take the password from any keychain, and ask the user to unlock said keychain if necessary. Actual Results: SSH prompts for the password of the keychain instead of using the one on the keychain like it used to. Regression: This is new in OS X 10.9 and likely related to keychain corruption observed in 10.9 as well as the forcing of the Local Items keychain upon users. Notes: This leads to a de-facto denial of service for SSH servers that do not allow any other login method than keys. Since the need for entering the private key password is actually what SSH-agent should prevent.
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!