Xshell Forum

Using RSA keys for logging in without passwords

Last post: Monday, February 22, 2010 4:26 AM by Support, 5 reply

 
Friday, February 5, 2010 9:27 AM - Paul Jones

Using RSA keys for logging in without passwords

 
I am using RSA keys to log into servers. I do not have passwords assigned to those keys, yet Xshell will prompt me for a password the first time each time it starts. Is it possible for Xshell to look at the key and see that there is no password to avoid prompting the user?

Paul

Program Ver. : Xshell 3.0
Monday, February 8, 2010 1:04 AM - Support

Re: Using RSA keys for logging in without passwords

 
It is possible that public key authentication failed and Xshell is trying to use an alternative login method.

Also, in our test, Xshell does not ask for passphrase unless there is one assigned to it. If the problem persists,could you attached the screenshot of the dialog box that is asking for the password? And also, everything on the terminal?



---
Technical Support
Monday, February 8, 2010 9:54 AM - Paul Jones

Re: Using RSA keys for logging in without passwords

 
I've attached the password prompt. I'm not sure what the server exchanges are before prompting for the password, but it does communicate with the server before prompting for the password. I would it's just to determine which user key to use.

In any case, I can hit cancel or OK and both will result in logging in without a password. That's surprising, but what's more surprising is getting prompted for a password at all.

I'll also note that, once the Xagent is running, it will not prompt for a password any longer.

Paul
Wednesday, February 10, 2010 11:46 PM - Support

Re: Using RSA keys for logging in without passwords

 
This is not a bug but a standard way how Xagent works. Xagent considers empty passphrase as any other password.

If you want Xshell to remember passphrase, disable Xagent option in the session Properties dialog box (Session Properties > SSH > Xagent section).

---
Technical Support
Friday, February 19, 2010 11:30 AM - Paul Jones

Re: Using RSA keys for logging in without passwords

 
It might not be classified as a bug, but a change in design ought to be considered.

Disabling Xagent is not an ideal solution, since one loses the benefit of having Xagent. What that means is that if I start Xshell and then type "scp file remote_machine:. then the request will fail since Xagent isn't there to provide the password. I would have to provide a password or pointer to a key file, etc. That works, but is not ideal.

If the software was changed to recognize when a key file has a password and when it does not, and then to skip the password prompting step, I don't think there would be any loss in functionality and would not be less secure.

So, perhaps consider this as a feature request?

Paul
Monday, February 22, 2010 4:26 AM - Support

Re: Using RSA keys for logging in without passwords

 
Thank you for your feedback, Paul. I have added the feature to our requested feature list. At this point, I don't think this will create any security hole. However, our developers need to go over the technical side of it.

I will update this post, if I have any updates.

---
Technical Support