openssh bugs - Jan 2010 - [Bug 1702] New: PreferredAuthentications setting doesn't work when spaces are used as documented

https://bugzilla.mindrot.org/show_bug.cgi?id=1702

           Summary: PreferredAuthentications setting doesn't work when
                    spaces are used as documented
           Product: Portable OpenSSH
           Version: 5.3p1
          Platform: Other
        OS/Version: Mac OS X
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ssh
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: ysvenkat at ncsa.uiuc.edu


The man page ssh_config.5 specifies the default setting for
PreferredAuthentications as:
"gssapi-with-mic, hostbased, publickey, keyboard-interactive,
password"
with a space after each comma.

But when I set PreferredAuthentications in ssh_config as follows:
PreferredAuthentications "gssapi-keyex, gssapi-with-mic, publickey,
hostbased, password"
with a space after each comma, ssh fails to process authentication
methods beyond the first one in the list. It will however work as
expected if the spaces are removed.

Either the man page or code (match_list()?) needs to be fixed.

Below is the debug log of the failure:

debug1: Authentications that can continue:
publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug3: start over, passed a different list
publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug3: preferred gssapi-keyex, gssapi-with-mic, publickey, hostbased,
password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred:  gssapi-with-mic, publickey, hostbased,
password
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied
(publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive).

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1702

Venkat Yekkirala <ysvenkat at ncsa.uiuc.edu> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jbasney at ncsa.uiuc.edu,
                   |                            |ysvenkat at ncsa.uiuc.edu

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1702

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at zip.com.au

--- Comment #1 from Darren Tucker <dtucker at zip.com.au> 2010-03-26
11:40:26 EST ---
This is a problem with the man page formatting.  I'll attach a patch.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1702

--- Comment #2 from Darren Tucker <dtucker at zip.com.au> 2010-03-26
11:43:38 EST ---
Created an attachment (id=1823)
 --> (https://bugzilla.mindrot.org/attachment.cgi?id=1823)
/tmp/ssh-preferredauth-man.patch

Format default value of PreferredAuthentication to match reality.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1702

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |1743

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1702

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

--- Comment #3 from Darren Tucker <dtucker at zip.com.au> 2010-03-26
12:10:01 EST ---
Patch has been applied and will be in 5.5p1.  Thanks for the report.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1702

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #4 from Damien Miller <djm at mindrot.org> 2010-04-16 15:49:36
EST ---
Mass move of bugs RESOLVED->CLOSED following the release of
openssh-5.5p1

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.