[Bug 937] ssh2 pubkey auth broken by user:style syntax

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Sep 30 17:00:08 EST 2004


http://bugzilla.mindrot.org/show_bug.cgi?id=937

           Summary: ssh2 pubkey auth broken by user:style syntax
           Product: Portable OpenSSH
           Version: -current
          Platform: All
        OS/Version: OpenBSD
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sshd
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: djm at mindrot.org


ssh2 pubkey auth is broken ("hash mismatch") when a user tries to log in using
the "user:style" username trick despite having a valid pubkey. 

The problem is that we strip off the style in input_userauth_request(), but we
don't add it back when computing the pubkey signature. Maybe it would be better
to stash the entire username as offered by the client and use it to compute the sig.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-bugs mailing list