OpenSSH pubkey authentication failing after update to 5.4
Thorsten Kampe
thorsten@thorstenkampe.de
Wed Mar 10 17:13:00 GMT 2010
* Corinna Vinschen (Wed, 10 Mar 2010 17:32:44 +0100)
>
> On Mar 10 17:15, Thorsten Kampe wrote:
> > Hi,
> >
> > today I updated to OpenSSH 5.4 from 5.3 and I noticed on four different
> > hosts that pubkey authentication was not working anymore after the
> > update (while password authentication still works).
> >
> > I started the server with "-ddd" and this is the (in my opinion)
> > critical difference:
> >
> > # 5.3 (old SSH)
> > temporarily_use_uid: 500/513 (e=1105/513)
> > trying public key file /home/admin/.ssh/authorized_keys
> > fd 4 clearing O_NONBLOCK
> > matching key found: file /home/admin/.ssh/authorized_keys, line 1
> > Found matching DSA key: 1b:31:25:da:6f:89:17:e8:25:46:46:60:ed:6f:a2:6c
> >
> > # 5.4 (new SSH)
> > temporarily_use_uid: 500/513 (e=1105/513)
> > trying public key file //.ssh/authorized_keys
> > restore_uid: 1105/513
> > temporarily_use_uid: 500/513 (e=1105/513)
> > trying public key file //.ssh/authorized_keys
> > restore_uid: 1105/513
> > Failed publickey for admin from 149.44.136.129 port 2864 ssh2
> >
> >
> > What else can I provide to help troubleshooting this issue?!
>
> It works for me, regardless of running as service or in the commandline.
> The path to the authorized_keys file is the entry from /etc/passwd. You
> should try to find out where it's getting the / from in the path to
> authorize_keys. Do you have two different entries for the Administrator
> user, by any chance?
Okay, I figured it out, it's a bug. The problem comes from
"AuthorizedKeysFile .ssh/authorized_keys" in sshd_config (which is
according to the sshd_config man page the default). It looks like the
value was interpreted in OpenSSH 5.3 as a relative path (relative to the
user's home directory) and in 5.4 as an absolute path. Commenting out
this setting fixes the problem.
Thanks, Thorsten
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
More information about the Cygwin
mailing list