bugzilla-daemon at mindrot.org
2021-Jan-22 18:08 UTC
[Bug 3254] New: Issue on sshd finds correct private key for a certificate when using ssh-agent
https://bugzilla.mindrot.org/show_bug.cgi?id=3254
Bug ID: 3254
Summary: Issue on sshd finds correct private key for a
certificate when using ssh-agent
Product: Portable OpenSSH
Version: 8.4p1
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: zhouyc.cc at icloud.com
Please take a look at line 1936 in the main() function in sshd.c.

    /* Find matching private key */
    for (j = 0; j < options.num_host_key_files; j++) {
        if (sshkey_equal_public(key,
            sensitive_data.host_keys[j])) {
            sensitive_data.host_certificates[j] = key;
            break;
        }
    }

sshkey_equal_public() is trying to compare a cert's pub with a
private key, and it never finds a match, which means sshd cannot use this
certificate even though its private key is in ssh-agent.
I believe it should be comparing a cert's public key with a public key
in sensitive_data, as follows.

    /* Find matching private key */
    for (j = 0; j < options.num_host_key_files; j++) {
        if (sshkey_equal_public(key,
            sensitive_data.host_pubkeys[j])) {
            sensitive_data.host_certificates[j] = key;
            break;
        }
    }

https://github.com/openssh/openssh-portable/blob/V_8_4/sshd.c#L1936
--
You are receiving this mail because:
You are watching the assignee of the bug.
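The lookup described in the report above, reduced to a small model. This is an added example, not code from the report or from OpenSSH. The `toy_*` names and key blobs are hypothetical, and it assumes that a host key held only by ssh-agent leaves its private-key slot NULL and that a NULL operand never compares equal.

```c
#include <stdio.h>
#include <string.h>

/* Toy stand-in for struct sshkey: just a public-key blob (constructed). */
struct toy_key { const char *pub; };

/* Assumption: like sshkey_equal_public(), a NULL operand never matches. */
static int
toy_equal_public(const struct toy_key *a, const struct toy_key *b)
{
	if (a == NULL || b == NULL)
		return 0;
	return strcmp(a->pub, b->pub) == 0;
}

#define NKEYS 2
/* Slot 0: private key loaded from disk. Slot 1: private key lives in
 * ssh-agent, so only its public half is loaded (assumed layout). */
static struct toy_key disk_key = { "AAAA-disk" }, agent_pub = { "AAAA-agent" };
static struct toy_key *host_keys[NKEYS] = { &disk_key, NULL };
static struct toy_key *host_pubkeys[NKEYS] = { &disk_key, &agent_pub };

/* Constructed certificates, one per host key. */
struct toy_key disk_cert = { "AAAA-disk" }, agent_cert = { "AAAA-agent" };

/* Return the slot the certificate is bound to, or -1 if it is dropped. */
static int
find_slot(const struct toy_key *cert, struct toy_key **table)
{
	for (int j = 0; j < NKEYS; j++)
		if (toy_equal_public(cert, table[j]))
			return j;
	return -1;
}

/* Lookup as quoted from 8.4p1: searches the private-key table. */
int match_before(const struct toy_key *c) { return find_slot(c, host_keys); }
/* Lookup as proposed in the report: searches the public-key table. */
int match_after(const struct toy_key *c) { return find_slot(c, host_pubkeys); }

int
main(void)
{
	printf("disk cert:  before=%d after=%d\n",
	    match_before(&disk_cert), match_after(&disk_cert));
	printf("agent cert: before=%d after=%d\n",
	    match_before(&agent_cert), match_after(&agent_cert));
	return 0;
}
```

A result of -1 means the certificate is never bound to a host key slot, so the server would offer only the plain host key for that slot.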
bugzilla-daemon at mindrot.org
2021-Jun-04 03:26 UTC
[Bug 3254] Issue on sshd finds correct private key for a certificate when using ssh-agent
https://bugzilla.mindrot.org/show_bug.cgi?id=3254
Damien Miller <djm at mindrot.org> changed:
What                  |Removed                       |Added
----------------------------------------------------------------------------
CC                    |                              |djm at mindrot.org,
                      |                              |dtucker at dtucker.net
Assignee              |unassigned-bugs at mindrot.org |djm at mindrot.org
Status                |NEW                           |ASSIGNED
Attachment #3526 Flags|                              |ok?(dtucker at dtucker.net)
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Created attachment 3526
--> https://bugzilla.mindrot.org/attachment.cgi?id=3526&action=edit
check certificate against host public keys
bugzilla-daemon at mindrot.org
2021-Jun-04 03:26 UTC
[Bug 3254] Issue on sshd finds correct private key for a certificate when using ssh-agent
https://bugzilla.mindrot.org/show_bug.cgi?id=3254
Damien Miller <djm at mindrot.org> changed:
What                  |Removed                       |Added
----------------------------------------------------------------------------
Blocks                |                              |3302
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=3302
[Bug 3302] Tracking bug for openssh-8.7
bugzilla-daemon at mindrot.org
2021-Jun-04 03:36 UTC
[Bug 3254] Issue on sshd finds correct private key for a certificate when using ssh-agent
https://bugzilla.mindrot.org/show_bug.cgi?id=3254
Darren Tucker <dtucker at dtucker.net> changed:
What                  |Removed                       |Added
----------------------------------------------------------------------------
Attachment #3526 Flags|ok?(dtucker at dtucker.net)   |ok+
bugzilla-daemon at mindrot.org
2021-Jun-06 11:35 UTC
[Bug 3254] Issue on sshd finds correct private key for a certificate when using ssh-agent
https://bugzilla.mindrot.org/show_bug.cgi?id=3254
Damien Miller <djm at mindrot.org> changed:
What                  |Removed                       |Added
----------------------------------------------------------------------------
Status                |ASSIGNED                      |RESOLVED
Resolution            |---                           |FIXED
--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Thanks - this has been committed as 530739d4 and will be in the next
OpenSSH release
bugzilla-daemon at mindrot.org
2022-Feb-25 02:59 UTC
[Bug 3254] Issue on sshd finds correct private key for a certificate when using ssh-agent
https://bugzilla.mindrot.org/show_bug.cgi?id=3254
Damien Miller <djm at mindrot.org> changed:
What                  |Removed                       |Added
----------------------------------------------------------------------------
Status                |RESOLVED                      |CLOSED
--- Comment #3 from Damien Miller <djm at mindrot.org> ---
closing bugs resolved before openssh-8.9