From: djm Date: Sun, 15 Sep 2024 00:47:01 +0000 (+0000) Subject: include pathname in some of the ssh-keygen passphrase prompts. Helps X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=25b9fca72c78afde3ed9eee91ec216033ce4f299;p=openbsd include pathname in some of the ssh-keygen passphrase prompts. Helps the user know what's going on when ssh-keygen is invoked via other tools. Requested in GHPR503
---
diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c
index 71ad9a39199..e384ccca6c8 100644
--- a/usr.bin/ssh/ssh-keygen.c
+++ b/usr.bin/ssh/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.474 2024/09/04 05:33:34 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.475 2024/09/15 00:47:01 djm Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland
@@ -300,7 +300,7 @@ ask_filename(struct passwd *pw, const char *prompt)
 static struct sshkey *
 load_identity(const char *filename, char **commentp)
 {
- char *pass;
+ char *prompt, *pass;
 struct sshkey *prv;
 int r;
@@ -312,8 +312,11 @@ load_identity(const char *filename, char **commentp)
 fatal_r(r, "Load key \"%s\"", filename);
 if (identity_passphrase)
 pass = xstrdup(identity_passphrase);
- else
- pass = read_passphrase("Enter passphrase: ", RP_ALLOW_STDIN);
+ else {
+ xasprintf(&prompt, "Enter passphrase for \"%s\": ", filename);
+ pass = read_passphrase(prompt, RP_ALLOW_STDIN);
+ free(prompt);
+ }
 r = sshkey_load_private(filename, pass, &prv, commentp);
 freezero(pass, strlen(pass));
 if (r != 0)
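Review bot: The new prompt in load_identity() embeds `filename` byte-for-byte, so a key path containing control characters or a newline is reproduced in the text that `read_passphrase(prompt, RP_ALLOW_STDIN)` displays; the same applies to `path` in the private_key_passphrase() hunk further down. The commit message says the change is meant for ssh-keygen being invoked via other tools, so the path may not have been chosen by the person reading the prompt, and an odd name could make the prompt misleading. Whether read_passphrase() filters its prompt is not visible in this diff and should be confirmed; if it does not, build the string with one of the escaping formatters from OpenSSH's utf8.c (for example `asmprintf`) instead of plain `xasprintf`. load_identity() starts and ends outside this hunk.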
@@ -3110,17 +3113,22 @@ read_check_passphrase(const char *prompt1, const char *prompt2,
 }
 static char *
-private_key_passphrase(void)
+private_key_passphrase(const char *path)
 {
+ char *prompt, *ret;
+
 if (identity_passphrase)
 return xstrdup(identity_passphrase);
 if (identity_new_passphrase)
 return xstrdup(identity_new_passphrase);
- return read_check_passphrase(
- "Enter passphrase (empty for no passphrase): ",
+ xasprintf(&prompt, "Enter passphrase for \"%s\" "
+ "(empty for no passphrase): ", path);
+ ret = read_check_passphrase(prompt,
 "Enter same passphrase again: ",
 "Passphrases do not match. Try again.");
+ free(prompt);
+ return ret;
 }
 static char *
@@ -3216,7 +3224,7 @@ do_download_sk(const char *skprovider, const char *device)
 /* Save the key with the application string as the comment */
 if (pass == NULL)
- pass = private_key_passphrase();
+ pass = private_key_passphrase(path);
 if ((r = sshkey_save_private(key, path, pass,
 key->sk_application, private_key_format,
 openssh_format_cipher, rounds)) != 0) {
@@ -3912,7 +3920,7 @@ main(int argc, char **argv)
 exit(1);
 /* Determine the passphrase for the private key */
- passphrase = private_key_passphrase();
+ passphrase = private_key_passphrase(identity_file);
 if (identity_comment) {
 strlcpy(comment, identity_comment, sizeof(comment));
 } else {
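Review bot: private_key_passphrase() gains a `path` parameter but has no comment saying that it is used only to build the interactive prompt and is ignored when `identity_passphrase` or `identity_new_passphrase` is set. A short header comment would make that clear to the two callers changed below, for example `/* Return the passphrase for the key at "path"; "path" is shown only in the interactive prompt. */`. The comment should also state whether `path` may be NULL, since it goes straight into a `%s` conversion. Both call sites in this diff pass a named variable (`path`, `identity_file`), but their definitions lie outside the hunks.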