bugzilla-daemon at mindrot.org
2012-Jul-20 14:43 UTC
[Bug 2027] New: SSH generates misleading errors when using public key authentication
https://bugzilla.mindrot.org/show_bug.cgi?id=2027 Priority: P5 Bug ID: 2027 Assignee: unassigned-bugs at mindrot.org Summary: SSH generates misleading errors when using public key authentication Severity: normal Classification: Unclassified OS: Linux Reporter: xavier.jodoin at corp.ovh.com Hardware: Other Status: NEW Version: 6.0p1 Component: sshd Product: Portable OpenSSH Created attachment 2176 --> https://bugzilla.mindrot.org/attachment.cgi?id=2176&action=edit message patch The log message is wrong when you authenticate with a public key and the account is protected with an ip address. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2012-Jul-21 06:07 UTC
[Bug 2027] SSH generates misleading errors when using public key authentication
https://bugzilla.mindrot.org/show_bug.cgi?id=2027 Gabriel Kerneis <gabriel at kerneis.info> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |gabriel at kerneis.info --- Comment #1 from Gabriel Kerneis <gabriel at kerneis.info> --- This bug is related to the following issue: http://travaux.ovh.net/?do=details&id=7060 The spurious therefore is:> Authentication tried for root with correct key but not from a permitted host (host=AAAA, ip=XXXX).even when the key is *incorrect*, provided there is a "from=" field in authorized_keys. The bug is very real, but I'm afraid your patch is wrong: - First, the spurious message is about identifiying with a key, not a certificate. You are patching the wrong warning - at least wrt. to the issue linked above (there might also be an issue with certificates but it has not been reported AFAIK). - Then, even if this were the right warning to patch, you modified the string to remove the %.100s for the host but you kept pw->pw_name in logit. It cannot work.> auth-options.c: In function ?parse_option_list?: > auth-options.c:518:10: warning: too many arguments for format [-Wformat-extra-args]I know there has been a lot of unfortunate buzz about this yesterday, but this in no excuse to release a patch that has obviously been done in a hurry and never tested. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2012-Jul-21 06:59 UTC
[Bug 2027] SSH generates misleading errors when using public key authentication
https://bugzilla.mindrot.org/show_bug.cgi?id=2027 Gabriel Kerneis <gabriel at kerneis.info> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #2 from Gabriel Kerneis <gabriel at kerneis.info> --- In fact, this bug has already been fixed in OpenSSH 6.0p1. It is only present in 5.5p1 (which is in Debian stable), because auth_parse_options used to be called before key_equal in user_key_allowed2 (file auth2-pubkey.c). In the latest cvs snapshot, I cannot reproduce the bug and key_found is indeed called before auth_parse_options, which is correct. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2012-Jul-21 07:26 UTC
[Bug 2027] SSH generates misleading errors when using public key authentication
https://bugzilla.mindrot.org/show_bug.cgi?id=2027 Gabriel Kerneis <gabriel at kerneis.info> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|FIXED |DUPLICATE --- Comment #3 from Gabriel Kerneis <gabriel at kerneis.info> --- *** This bug has been marked as a duplicate of bug 1765 *** -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2012-Jul-23 16:39 UTC
[Bug 2027] SSH generates misleading errors when using public key authentication
https://bugzilla.mindrot.org/show_bug.cgi?id=2027 --- Comment #4 from Xavier Jodoin <xavier.jodoin at corp.ovh.com> --- Thanks for the rapid feedback on this issue. And I confirm it's fix on the version 6.0p1. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2015-Aug-11 13:03 UTC
[Bug 2027] SSH generates misleading errors when using public key authentication
https://bugzilla.mindrot.org/show_bug.cgi?id=2027 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #5 from Damien Miller <djm at mindrot.org> --- Set all RESOLVED bugs to CLOSED with release of OpenSSH 7.1 -- You are receiving this mail because: You are watching the assignee of the bug.
Maybe Matching Threads
- [Bug 28763] New: Kernel Oops when displaying a large image
- PATCH: krb4/krb5/... names/patterns in auth_keys entries
- [Bug 1765] New: Error message if key not first in authorized_keys file
- Multiple forced commands being executed
- [Bug 1172] [PATCH] Restrict public key authentication to scp access only