bugzilla-daemon at mindrot.org
2020-Jul-05 07:54 UTC
[Bug 3191] New: Issues when authorized_keys contains more than one ecdsa-sk public key
https://bugzilla.mindrot.org/show_bug.cgi?id=3191
Bug ID: 3191
Summary: Issues when authorized_keys contains more than one
ecdsa-sk public key
Product: Portable OpenSSH
Version: 8.3p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: David at WalkerStreet.info
When I add two keys to .ssh/authorized_keys on a remote system, it
appears that only one of them will be attempted (in only a couple of
trials, it was the first key I'd created both times, even after I
swapped the order of the two keys in .ssh/authorized_keys). This
results in an error if the "right" key isn't already inserted. I
would
expect the correct behavior to be to attempt only
remote-host-authorized keys that are inserted in the local host, and if
none are inserted, to prompt the user to insert one.
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2020-Jul-17 03:57 UTC
[Bug 3191] Issues when authorized_keys contains more than one ecdsa-sk public key
https://bugzilla.mindrot.org/show_bug.cgi?id=3191
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
If you post debug traces from the client and the server it might be
possible to figure out what is going on here
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2020-Jul-17 22:13 UTC
[Bug 3191] Issues when authorized_keys contains more than one ecdsa-sk public key
https://bugzilla.mindrot.org/show_bug.cgi?id=3191 --- Comment #2 from David Walker <David at WalkerStreet.info> --- Hmmm... I still have the issue of not being prompted to insert a key when no acceptable key is already inserted, but either of the keys I've authorized can be inserted and I get logged in without error. I'm pretty sure Tumbleweed has had an update to this stuff (libfido2 and maybe openssh) since I originally reported the issue, so it looks maybe like this has been resolved. If it's useful, though, I'll attach logs for two cases where an authorized key is already inserted and one where no key is inserted. FYI, I tested this on my laptop by starting sshd on my laptop and "ssh -vvv localhost". The authorized_keys file contained only the two Yubikeys I've been testing with. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2020-Jul-17 22:15 UTC
[Bug 3191] Issues when authorized_keys contains more than one ecdsa-sk public key
https://bugzilla.mindrot.org/show_bug.cgi?id=3191 --- Comment #3 from David Walker <David at WalkerStreet.info> --- Created attachment 3429 --> https://bugzilla.mindrot.org/attachment.cgi?id=3429&action=edit 5C Nano already inserted -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2020-Jul-17 22:15 UTC
[Bug 3191] Issues when authorized_keys contains more than one ecdsa-sk public key
https://bugzilla.mindrot.org/show_bug.cgi?id=3191 --- Comment #4 from David Walker <David at WalkerStreet.info> --- Created attachment 3430 --> https://bugzilla.mindrot.org/attachment.cgi?id=3430&action=edit 5 NFC already inserted -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2020-Jul-17 22:15 UTC
[Bug 3191] Issues when authorized_keys contains more than one ecdsa-sk public key
https://bugzilla.mindrot.org/show_bug.cgi?id=3191 --- Comment #5 from David Walker <David at WalkerStreet.info> --- Created attachment 3431 --> https://bugzilla.mindrot.org/attachment.cgi?id=3431&action=edit No key inserted -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2020-Jul-31 03:08 UTC
[Bug 3191] Issues when authorized_keys contains more than one ecdsa-sk public key
https://bugzilla.mindrot.org/show_bug.cgi?id=3191
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |WORKSFORME
Status|NEW |RESOLVED
--- Comment #6 from Damien Miller <djm at mindrot.org> ---
it sounds like your problems were related to your OS distribution and
not OpenSSH per se. Reopen if this is not the case.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2021-Apr-23 04:57 UTC
[Bug 3191] Issues when authorized_keys contains more than one ecdsa-sk public key
https://bugzilla.mindrot.org/show_bug.cgi?id=3191
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #7 from Damien Miller <djm at mindrot.org> ---
closing resolved bugs as of 8.6p1 release
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
Possibly Parallel Threads
- [Bug 3188] New: Problems creating a second ecdsa-sk key for a second Yubikey
- interoperability issue with agent and ecdsa-sk keys
- CA Signed Public Key User Authentication does not honor ~/.ssh/authorized_keys
- [Bug 3636] New: Public key authentication fails with incorrect message if authorized_keys is not UTF-8 encoded
- [Bug 2128] New: ssh-copy-id doesn't check if a public key already exists in a remote servers ~/.ssh/authorized_keys file