Cyberduck Mountain Duck CLI

#10526 closed defect (fixed)

Saves passphrase for private key in keychain regardless if login fails

Reported by: pschumm Owned by: dkocher
Priority: normal Milestone: 6.9.0
Component: sftp Version: 6.8.2
Severity: normal Keywords:
Cc: Architecture:


When using key-based authentication to establish an SFTP connection, if the user enters his or her passphrase incorrectly and checks the box to save the passphrase in the system keychain, the passphrase is saved even though the connection is unsuccessful. This results in an incorrect passphrase being stored in the keychain, which can cause confusion for the user. Cyberduck should only store the passphrase if the connection attempt succeeds, as is standard behavior for a modern web browser.

Change History (5)

comment:1 Changed on Oct 31, 2018 at 7:18:59 AM by dkocher

  • Component changed from core to sftp
  • Owner set to dkocher

comment:2 Changed on Oct 31, 2018 at 7:23:27 AM by dkocher

  • Summary changed from Cyberduck saves passphrases entered incorrectly in system keychain to Saves passphrase for private key in keychain regardless if login fails

comment:3 Changed on Nov 20, 2018 at 9:02:18 AM by dkocher

  • Milestone set to 7.0
  • Status changed from new to assigned

comment:4 Changed on Dec 9, 2018 at 6:57:46 PM by dkocher

  • Milestone changed from 7.0 to 6.9.0

comment:5 Changed on Dec 11, 2018 at 3:05:42 PM by dkocher

  • Resolution set to fixed
  • Status changed from assigned to closed

In r45715.

Note: See TracTickets for help on using tickets.