bugzilla-daemon at mindrot.org
2020-Jul-05 07:54 UTC
[Bug 3191] New: Issues when authorized_keys contains more than one ecdsa-sk public key
https://bugzilla.mindrot.org/show_bug.cgi?id=3191

Bug ID: 3191
Summary: Issues when authorized_keys contains more than one ecdsa-sk public key
Product: Portable OpenSSH
Version: 8.3p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: David at WalkerStreet.info

When I add two keys to .ssh/authorized_keys on a remote system, it appears that only one of them will be attempted (in only a couple of trials, it was the first key I'd created both times, even after I swapped the order of the two keys in .ssh/authorized_keys). This results in an error if the "right" key isn't already inserted.

I would expect the correct behavior to be to attempt only remote-host-authorized keys that are inserted in the local host, and if none are inserted, to prompt the user to insert one.

--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2020-Jul-17 03:57 UTC
[Bug 3191] Issues when authorized_keys contains more than one ecdsa-sk public key
https://bugzilla.mindrot.org/show_bug.cgi?id=3191

Damien Miller <djm at mindrot.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC   |        |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
If you post debug traces from the client and the server it might be possible to figure out what is going on here
bugzilla-daemon at mindrot.org
2020-Jul-17 22:13 UTC
[Bug 3191] Issues when authorized_keys contains more than one ecdsa-sk public key
https://bugzilla.mindrot.org/show_bug.cgi?id=3191

--- Comment #2 from David Walker <David at WalkerStreet.info> ---
Hmmm... I still have the issue of not being prompted to insert a key when no acceptable key is already inserted, but either of the keys I've authorized can be inserted and I get logged in without error. I'm pretty sure Tumbleweed has had an update to this stuff (libfido2 and maybe openssh) since I originally reported the issue, so it looks maybe like this has been resolved.

If it's useful, though, I'll attach logs for two cases where an authorized key is already inserted and one where no key is inserted.

FYI, I tested this on my laptop by starting sshd on my laptop and "ssh -vvv localhost". The authorized_keys file contained only the two Yubikeys I've been testing with.
bugzilla-daemon at mindrot.org
2020-Jul-17 22:15 UTC
[Bug 3191] Issues when authorized_keys contains more than one ecdsa-sk public key
https://bugzilla.mindrot.org/show_bug.cgi?id=3191

--- Comment #3 from David Walker <David at WalkerStreet.info> ---
Created attachment 3429
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3429&action=edit
5C Nano already inserted
bugzilla-daemon at mindrot.org
2020-Jul-17 22:15 UTC
[Bug 3191] Issues when authorized_keys contains more than one ecdsa-sk public key
https://bugzilla.mindrot.org/show_bug.cgi?id=3191

--- Comment #4 from David Walker <David at WalkerStreet.info> ---
Created attachment 3430
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3430&action=edit
5 NFC already inserted
bugzilla-daemon at mindrot.org
2020-Jul-17 22:15 UTC
[Bug 3191] Issues when authorized_keys contains more than one ecdsa-sk public key
https://bugzilla.mindrot.org/show_bug.cgi?id=3191

--- Comment #5 from David Walker <David at WalkerStreet.info> ---
Created attachment 3431
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3431&action=edit
No key inserted
bugzilla-daemon at mindrot.org
2020-Jul-31 03:08 UTC
[Bug 3191] Issues when authorized_keys contains more than one ecdsa-sk public key
https://bugzilla.mindrot.org/show_bug.cgi?id=3191

Damien Miller <djm at mindrot.org> changed:

What       |Removed |Added
----------------------------------------------------------------------------
Resolution |---     |WORKSFORME
Status     |NEW     |RESOLVED

--- Comment #6 from Damien Miller <djm at mindrot.org> ---
it sounds like your problems were related to your OS distribution and not OpenSSH per se. Reopen if this is not the case.
bugzilla-daemon at mindrot.org
2021-Apr-23 04:57 UTC
[Bug 3191] Issues when authorized_keys contains more than one ecdsa-sk public key
https://bugzilla.mindrot.org/show_bug.cgi?id=3191

Damien Miller <djm at mindrot.org> changed:

What   |Removed  |Added
----------------------------------------------------------------------------
Status |RESOLVED |CLOSED

--- Comment #7 from Damien Miller <djm at mindrot.org> ---
closing resolved bugs as of 8.6p1 release