search for: pubkeyfile

...type(key->cert->signature_key), ca_fp, + reason); + auth_debug_add("Refused Certificate ID \"%s\" " + "serial=%llu: %s", key->cert->key_id, + (unsigned long long)key->cert->serial, reason); goto out; } } diff --git a/auth2-pubkeyfile.c b/auth2-pubkeyfile.c index c3bd24b..09ce37e 100644 --- a/auth2-pubkeyfile.c +++ b/auth2-pubkeyfile.c @@ -343,15 +343,15 @@ auth_check_authkey_line(struct passwd *pw, struct sshkey *key, /* Parse and check options present in certificate */ if ((certopts = sshauthopt_from_cert(key)) == NULL) {...

On 4/5/25 15:01, Lars Nood?n wrote: > I notice that when using log level INFO it seems sshd(8) provides very > little information about failed SSH certificate log in attempts: > > Apr? 5 14:44:41 server sshd-session[51695]: error: Certificate invalid: > not yet valid > > Apr? 5 14:45:31 server sshd-session[88953]: error: Certificate invalid: > expired > >

...s: "keytype, base64-encoded key not found: <string>" Would a pull request for such likely be accepted? ### Extra info: Version: OpenSSH_9.6p1, OpenSSL 3.2.1 30 Jan 2024 Relevant code: https://github.com/openssh/openssh-portable/blob/b5b405fee7f3e79d44e2d2971a4b6b4cc53f112e/auth2-pubkeyfile.c#L294-L298 if (sshkey_read(found, &cp) != 0) { /* still no key? advance to next line*/ debug2("%s: advance: '%s'", loc, cp); goto out; } I note in the same files as abov...

...eplace_strmem.c:667) sshd[22181]: ==22181== by 0x189ED5: UnknownInlinedFun (string_fortified.h:169) sshd[22181]: ==22181== by 0x189ED5: safe_path (misc.c:2335) sshd[22181]: ==22181== by 0x18A09D: safe_path_fd (misc.c:2376) sshd[22181]: ==22181== by 0x138C47: auth_openfile (auth2-pubkeyfile.c:477) sshd[22181]: ==22181== by 0x13783A: user_key_allowed2 (auth2-pubkey.c:638) sshd[22181]: ==22181== by 0x13783A: user_key_allowed (auth2-pubkey.c:839) sshd[22181]: ==22181== by 0x13B544: mm_answer_keyallowed (monitor.c:1339) sshd[22181]: ==22181== by 0x13D66D: monitor_read...