openssh bugs - Dec 2006 - [Bug 1270] Public key (DSA) authentication works on 3.8p1 but not on 4.5p1

http://bugzilla.mindrot.org/show_bug.cgi?id=1270

           Summary: Public key (DSA) authentication works on 3.8p1 but not
                    on 4.5p1
           Product: Portable OpenSSH
           Version: v4.5p1
          Platform: HPPA
        OS/Version: HP-UX
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ssh
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: fredrik at xpd.se


After installing OpenSSH 4.5p1 we discovered that public key
authentication
seems to be broken on OpenSSH 4.5p1 on HP-UX 11.11

See attached typescript file, where 2 different binaries are used,
first is old 3.8p1 ssh client (which works) and second is new 4.5p1
ssh client (which isn't working) but trying to login from the same
host (hostA) to the same remote host (hostB)

For both versions you can see the "SSH2_MSG_SERVICE_ACCEPT received"
debug message from ssh_userauth2(), but only the 3.8p1 version
will show the debug message "debug2("key: %s (%p)",
id->filename,
id->key)" from pubkey_prepare().

I've tried this both with an identyFile directive (as shown in
example) as well as just having the id_dsa file being discovered
from $HOME/.ssh/id_dsa and there's no difference, it still only
works with the 3.8p1 client but not the 4.5p1 client.

I've tried it against both a 4.5p1 sshd server and a 3.8p1 server,
but same result, hence it looks like the problem seems to be in
the client itself (or possibly a side effect from a different
version of OpenSSL for the different versions)




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1270





------- Comment #1 from fredrik at xpd.se  2006-12-23 01:09 -------
Created an attachment (id=1221)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=1221&action=view)
typescript log showing the problem




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1270





------- Comment #2 from fredrik at xpd.se  2006-12-23 01:14 -------
Created an attachment (id=1222)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=1222&action=view)
$HOME/.ssh/config




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1270





------- Comment #3 from dtucker at zip.com.au  2006-12-31 13:04 -------
Did you happen to configure OpenSSL with "hpux-parisc2-cc" when you
built it?  If so then see the the URL below and try rebuilding OpenSSL
with "hpux-parisc-cc" instead, then rebuilding OpenSSH.  I'm not
sure
that this is the cause but it's worth a try.

http://www.aet.tu-cottbus.de/rt2/Ticket/Display.html?id=1395




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.