#577486 [grsync] Cancelling connection to SSH server prompting password doesn't work

Package:
grsync
Source:
grsync
Description:
GTK+ frontend for rsync
Submitter:
Filipus Klutiero
Date:
2010-04-12 18:57:08 UTC
Severity:
minor
#577486#5
Date:
2010-04-12 03:34:24 UTC
From:
To:
When connecting to an SSH server prompting for a password, ssh-askpass displays 2 buttons: OK and Cancel. Clicking Cancel seems to have the same effect as OK, that is, the prompt comes again (thankfully, it stops after 3 times). In fact, there is a difference - Cancel allows a new entry without any delay, while OK tries the password. So Cancel seems to mean "Clear". But you can't clear more than 3 times, so something is wrong.

I'm not sure whether this is a grsync or a ssh-askpass bug.
Debian Release: squeeze/sid
  990 testing         security.debian.org
  990 testing         debian.savoirfairelinux.net
  500 unstable        ftp.ca.debian.org
  500 stable          deb.opera.com
    1 experimental    ftp.ca.debian.org
--- Package information. ---
Depends                (Version) | Installed
================================-+-==============
libatk1.0-0          (>= 1.29.3) | 1.30.0-1
libc6              (>= 2.3.6-6~) | 2.10.2-6
libcairo2             (>= 1.2.4) | 1.8.10-3
libfontconfig1        (>= 2.8.0) | 2.8.0-2
libfreetype6          (>= 2.2.1) | 2.3.11-1
libglib2.0-0         (>= 2.16.0) | 2.24.0-1
libgtk2.0-0          (>= 2.12.0) | 2.18.9-2
libpango1.0-0        (>= 1.14.0) | 1.26.2-2
rsync                            | 3.0.7-2


Recommends       (Version) | Installed
==========================-+-===========
ssh-askpass                | 1:1.2.4.1-9


Package's Suggests field is empty.

#577486#10
Date:
2010-04-12 09:28:27 UTC
From:
To:
Hello,

Behavior of cancel is correct: you can try 3 times, then it disconnects.
If you click ok with wrong password, it makes you wait: that's the expected behavior, it's needed to make brutal force attacks more difficult.
Anyway, this is not related to grsync directly.

#577486#15
Date:
2010-04-12 09:28:27 UTC
From:
To:
Hello,

Behavior of cancel is correct: you can try 3 times, then it disconnects.
If you click ok with wrong password, it makes you wait: that's the expected behavior, it's needed to make brutal force attacks more difficult.
Anyway, this is not related to grsync directly.

#577486#20
Date:
2010-04-12 18:55:54 UTC
From:
To:
Hi Piero,
the behavior of cancel is incorrect; when you click Cancel, you don't want to
click cancel again x more times, you want to be disconnected immediately.