Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: OpenSSH: Bugs

[Bug 2027] SSH generates misleading errors when using public key authentication

 

 

OpenSSH bugs RSS feed   Index | Next | Previous | View Threaded


bugzilla-daemon at mindrot

Jul 20, 2012, 11:07 PM

Post #1 of 4 (599 views)
Permalink
[Bug 2027] SSH generates misleading errors when using public key authentication

https://bugzilla.mindrot.org/show_bug.cgi?id=2027

Gabriel Kerneis <gabriel [at] kerneis> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |gabriel [at] kerneis

--- Comment #1 from Gabriel Kerneis <gabriel [at] kerneis> ---
This bug is related to the following issue:
http://travaux.ovh.net/?do=details&id=7060

The spurious therefore is:
> Authentication tried for root with correct key but not from a permitted host (host=AAAA, ip=XXXX).
even when the key is *incorrect*, provided there is a "from=" field in
authorized_keys.

The bug is very real, but I'm afraid your patch is wrong:
- First, the spurious message is about identifiying with a key, not a
certificate. You are patching the wrong warning - at least wrt. to the
issue linked above (there might also be an issue with certificates but
it has not been reported AFAIK).
- Then, even if this were the right warning to patch, you modified the
string to remove the %.100s for the host but you kept pw->pw_name in
logit. It cannot work.

> auth-options.c: In function ‘parse_option_list’:
> auth-options.c:518:10: warning: too many arguments for format [-Wformat-extra-args]

I know there has been a lot of unfortunate buzz about this yesterday,
but this in no excuse to release a patch that has obviously been done
in a hurry and never tested.

--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-bugs


bugzilla-daemon at mindrot

Jul 20, 2012, 11:59 PM

Post #2 of 4 (593 views)
Permalink
[Bug 2027] SSH generates misleading errors when using public key authentication [In reply to]

https://bugzilla.mindrot.org/show_bug.cgi?id=2027

Gabriel Kerneis <gabriel [at] kerneis> changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED

--- Comment #2 from Gabriel Kerneis <gabriel [at] kerneis> ---
In fact, this bug has already been fixed in OpenSSH 6.0p1. It is only
present in 5.5p1 (which is in Debian stable), because
auth_parse_options used to be called before key_equal in
user_key_allowed2 (file auth2-pubkey.c).

In the latest cvs snapshot, I cannot reproduce the bug and key_found is
indeed called before auth_parse_options, which is correct.

--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-bugs


bugzilla-daemon at mindrot

Jul 21, 2012, 12:26 AM

Post #3 of 4 (589 views)
Permalink
[Bug 2027] SSH generates misleading errors when using public key authentication [In reply to]

https://bugzilla.mindrot.org/show_bug.cgi?id=2027

Gabriel Kerneis <gabriel [at] kerneis> changed:

What |Removed |Added
----------------------------------------------------------------------------
Resolution|FIXED |DUPLICATE

--- Comment #3 from Gabriel Kerneis <gabriel [at] kerneis> ---


*** This bug has been marked as a duplicate of bug 1765 ***

--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-bugs


bugzilla-daemon at mindrot

Jul 23, 2012, 9:39 AM

Post #4 of 4 (584 views)
Permalink
[Bug 2027] SSH generates misleading errors when using public key authentication [In reply to]

https://bugzilla.mindrot.org/show_bug.cgi?id=2027

--- Comment #4 from Xavier Jodoin <xavier.jodoin [at] corp> ---
Thanks for the rapid feedback on this issue. And I confirm it's fix on
the version 6.0p1.

--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

OpenSSH bugs RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.