bugzilla-daemon at bugzilla.mindrot.org
2020-Mar-11 12:27 UTC
[Bug 3134] New: AuthorizedKeysCommand is not executed anymore when an AuthorizedKeysFile has a matching entry
bugzilla.mindrot.org/show_bug.cgi?id=3134 Bug ID: 3134 Summary: AuthorizedKeysCommand is not executed anymore when an AuthorizedKeysFile has a matching entry Product: Portable OpenSSH Version: 8.1p1 Hardware: amd64 OS: Linux Status: NEW Severity: major Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org Reporter: ganguin at gmail.com The documentation says: If a key supplied by AuthorizedKeysCommand does not successfully authenticate and authorize the user then public key authentication continues using the usual AuthorizedKeysFile files. Until sshd version 8.0p1 (I tested 7.6p1, 7.9p1 and 8.0p1), the behaviour was as documented: * Execute AuthorizedKeysCommand all the time * Fallback to AuthorizedKeysFile if AuthorizedKeysCommand does not successfully authenticate However, with version 8.1p1 and newer (I tested 8.1p1, 8.2p1 and latest github version commit 9b47bd7b09d191991ad9e0506bb66b74bbc93d34), the order got reversed: * Check the AuthorizedKeysFile * Fallback to AuthorizedKeysCommand if AuthorizedKeysFile failed As a workaround I can set AuthorizedKeysFile to none, but I lose the fallback feature that was interesting in my use case. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2020-Apr-17 04:28 UTC
[Bug 3134] AuthorizedKeysCommand is not executed anymore when an AuthorizedKeysFile has a matching entry
bugzilla.mindrot.org/show_bug.cgi?id=3134 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org Status|NEW |RESOLVED Blocks| |3117 Resolution|--- |FIXED --- Comment #1 from Damien Miller <djm at mindrot.org> --- Thanks for letting us know - the change of order was intentional, but the documentation wasn't updated to reflect it. I have fixed sshd_config.5 to match what is actually implemented. Referenced Bugs: bugzilla.mindrot.org/show_bug.cgi?id=3117 [Bug 3117] Tracking bug for 8.3 release -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2021-Mar-03 22:53 UTC
[Bug 3134] AuthorizedKeysCommand is not executed anymore when an AuthorizedKeysFile has a matching entry
bugzilla.mindrot.org/show_bug.cgi?id=3134 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #2 from Damien Miller <djm at mindrot.org> --- close bugs that were resolved in OpenSSH 8.5 release cycle -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2021-Oct-13 14:40 UTC
[Bug 3134] AuthorizedKeysCommand is not executed anymore when an AuthorizedKeysFile has a matching entry
bugzilla.mindrot.org/show_bug.cgi?id=3134 Ahmed Sayeed <ahmedsayeed1982 at yahoo.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |ahmedsayeed1982 at yahoo.com --- Comment #3 from Ahmed Sayeed <ahmedsayeed1982 at yahoo.com> --- It does not happen on every run. My MWE: ``` www-look-4.com/tech/honor-magicbook // test.cpp #include<iostream> int main() komiya-dental.com/property/google-android { int a{ 4 }; std::cout << "a = " << a << '\n'; iu-bloomington.com/property/properties-in-turkey return 0; } ``` Simply running the program under GDB yields: ``` waytowhatsnext.com/property/disney-at-home (gdb) r Starting program: test-gdb/a.out [New Thread 0x1a03 of process 24826] [New Thread 0x1b03 of process 24826] wearelondonmade.com/technology/van-technology warning: unhandled dyld version (17) a = 4 [Inferior 1 (process 24826) exited normally] ``` jopspeech.com/technology/thunderbolt-4 However, setting breakpoints triggers it: ``` (gdb) b main joerg.li/technology/b-class-cars Breakpoint 1 at 0x100003e57: file test.cpp, line 5. (gdb) r Starting program: test-gdb/a.out [New Thread 0x2403 of process 24836] connstr.net/technology/nasa-latest [New Thread 0x2203 of process 24836] warning: unhandled dyld version (17) embermanchester.uk/tech/google-drive Thread 2 hit Breakpoint 1, main () at test.cpp:5 5 int a{ 4 }; (gdb) r slipstone.co.uk/technology/cars-interior The program being debugged has been started already. Start it from the beginning? (y or n) n Program not restarted. logoarts.co.uk/technology/robot-vacuums (gdb) q A debugging session is active. Inferior 1 [process 24836] will be killed. acpirateradio.co.uk/technology/global-warming Quit anyway? (y or n) y ../../gdb/target.c:2149: internal-error: void target_mourn_inferior(ptid_t): Assertion `ptid == inferior_ptid' failed. compilatori.com/technology/download-videos A problem internal to GDB has been detected, further debugging may prove unreliable. webb-dev.co.uk/services/vaccine-services Quit this debugging session? (y or n) y -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.