x/crypto/ssh/agent: keyring does not honor "ConfirmBeforeUse" #47533
Labels: Documentation, NeedsInvestigation
What version of Go are you using (go version)?
I was using the newest release of https://github.com/buptczq/WinCryptSSHAgent
Does this issue reproduce with the latest release?
As far as my code analysis goes: yes
What operating system and processor architecture are you using (go env)?
Windows 10, x64
What did you do?
TL;DR: realizing the -c flag of ssh-add is ignored by https://github.com/buptczq/WinCryptSSHAgent, while -t isn't.
For more details, please see buptczq/WinCryptSSHAgent#55
After opening the issue there, I investigated further and understood that the problem is in the library, specifically in the keyring implementation of the ssh agent: https://github.com/golang/crypto/blob/a769d52b0f97a420f3dcafc17f8b3384217859a2/ssh/agent/keyring.go.
While https://github.com/golang/crypto/blob/a769d52b0f97a420f3dcafc17f8b3384217859a2/ssh/agent/keyring.go#L147-L148 says "Note that any constraints given are ignored.", the time constraint really isn't, as appropriate handling was added in golang/crypto@8e06e8d. However, the claim "and will ask the user to confirm a signing operation if ConfirmBeforeUse is set." in the commit description is not true: as far as I understand the code, no such handling was/is included in the file.
What did you expect to see?
I expected that either both flags are ignored/not supported (as is common on Windows in Pageant as well as Microsoft OpenSSH) or both flags are supported. At best, of course, the latter.
What did you see instead?
As described above: ssh-add -t is handled correctly, while ssh-add -c isn't.
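An added example, not part of the original issue and not code from x/crypto: how the two ssh-add constraints discussed above arrive at an agent, and a check that refuses a confirm-constrained key when no prompt can be shown instead of accepting it silently. The type bytes 1 (lifetime) and 2 (confirm) come from the SSH agent protocol draft; `Constraints`, `ParseConstraints`, `Admit` and the fail-closed policy are assumptions of this example, and the sample bytes are constructed.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const constrainLifetime = 1 // ssh-add -t: followed by uint32 seconds
const constrainConfirm = 2  // ssh-add -c: no payload

// Constraints is a hypothetical type holding what the client requested.
type Constraints struct {
	LifetimeSecs     uint32
	ConfirmBeforeUse bool
}

// ParseConstraints decodes the bytes trailing the key and comment in a constrained add request.
func ParseConstraints(b []byte) (c Constraints, err error) {
	for len(b) > 0 {
		switch b[0] {
		case constrainLifetime:
			if len(b) < 5 {
				return c, errors.New("truncated lifetime constraint")
			}
			c.LifetimeSecs = binary.BigEndian.Uint32(b[1:5])
			b = b[5:]
		case constrainConfirm:
			c.ConfirmBeforeUse = true
			b = b[1:]
		default:
			return c, fmt.Errorf("unknown constraint type %d", b[0])
		}
	}
	return c, nil
}

// Admit is this example's assumed policy: refuse a confirm-constrained key when no prompt exists.
func Admit(c Constraints, canPrompt bool) error {
	if c.ConfirmBeforeUse && !canPrompt {
		return errors.New("confirm-before-use requested but not enforceable")
	}
	return nil
}

func main() {
	c, err := ParseConstraints([]byte{1, 0, 0, 0, 60, 2}) // constructed: -t 60 -c
	fmt.Println(c, err, Admit(c, false))
}
```

With a check like this the client sees a failure from ssh-add -c rather than a key that signs without confirmation.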