[Bug 1483] New: Unable to select desired (DSA) key file
bugzilla-daemon at bugzilla.mindrot.org
Wed Jul 9 10:04:18 EST 2008
https://bugzilla.mindrot.org/show_bug.cgi?id=1483
Summary: Unable to select desired (DSA) key file
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.0p1
Platform: Other
OS/Version: FreeBSD
Status: NEW
Severity: major
Priority: P2
Component: scp
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: rannumgen at globaleyes.net
There is a problem with (portable) OpenSSHv5.0 with regards to key
selection.
In the past, with SCP, you could use the "identity key file '-i'"
parameter to select THE specific key to be used for the SCP
transaction, and it didn't matter WHAT TYPE of key (RSA/DSA) was used.
1) According to the MANual page for V5.0 SSH:
    -i identity_file
        Selects the file from which the identity (private key) for RSA
        authentication is read. This option is directly passed to ssh(1).
NOTE the explicit specification of RSA!
2) When using v5.0 "-i" parameter, the selected key file does not
appear FIRST in any list of keys (joined from an SSH "config" file),
nor does it completely replace/supplant any key list available through
any SSH configuration file (global or local); in this example - the
"MYdesignatedKEY" key was associated with the "-i" parameter:
debug2: key: /<path>/.ssh/id_rsa (0x813ceXX)
debug2: key: /<path>/.ssh/id_dsa (0x813ceXX)
debug2: key: /<path>/.ssh/MYdesignatedKEY (0xgarbale)
debug2: key: /<path>/.ssh/id_dsa_new (0x813ceXX)
debug2: key: /<path>/.ssh/id_rsa_new (0x813cfXX)
3) In order to ignore/bypass ANY SSH config file, you have to supply an
EXISTING file, even if empty, with the "-F" parameter!
4) Last but not least, when selecting a specific identity file using
the "-o ssh option" parameter, and an empty "SSH config file", SSHDv5.0
STILL refuses to use the specified key:
debug2: key: /<path>/.ssh/MYdesignatedKEY (0xgarble0)
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key:
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug2: input_userauth_pk_ok: fp GG:AA:RR:BB:LL:EE:e3:c8:b1:2f:af:5b:0f:d7:dc:a7
debug1: Authentication succeeded (publickey).
fingerprint for MYdesignatedKEY.pub:
GG:AA:RR:BB:LL:EE:c5:5f:6d:1b:af:51:0d:ae:f0:30
fingerprint for default "id_rsa.pub":
GG:AA:RR:BB:LL:EE:e3:c8:b1:2f:af:5b:0f:d7:dc:a7
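A check for the mismatch reported above, as an added example that is not part of the original bug report or of OpenSSH: it parses client debug output in the format quoted in the report and tells you whether the fingerprint the server accepted belongs to the key you designated. The function names, paths and fingerprints are constructed for illustration, and lines wrapped by a mail client are rejoined before parsing.

```python
import re

# MD5-style fingerprint: 16 colon-separated hex pairs, as in "input_userauth_pk_ok: fp ...".
FP_RE = re.compile(r"(?<![0-9A-Fa-f:])[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){15}(?![0-9A-Fa-f:])")

def unwrap(log_text):
    """Rejoin mail-wrapped output: a line not starting with 'debugN:' continues the previous one."""
    lines = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if lines and not re.match(r"debug\d:", line):
            lines[-1] += " " + line
        else:
            lines.append(line)
    return lines

def audit_key_selection(log_text, designated_path, designated_fp):
    """Report where the designated key sits in the candidate list and whether it was accepted."""
    candidates, accepted_fp, succeeded = [], None, False
    for line in unwrap(log_text):
        key = re.match(r"debug2: key: (\S+)", line)
        if key:
            candidates.append(key.group(1))
        elif "input_userauth_pk_ok" in line:
            fp = FP_RE.search(line)
            accepted_fp = fp.group(0).lower() if fp else None
        elif "Authentication succeeded (publickey)" in line:
            succeeded = True
    position = candidates.index(designated_path) if designated_path in candidates else None
    return {
        "candidates": candidates,
        "designated_position": position,  # 0 means it heads the candidate list
        "accepted_fp": accepted_fp,
        "designated_key_used": succeeded and accepted_fp == designated_fp.lower(),
    }

# Constructed sample: same shape as the log in the report, with made-up paths and fingerprints.
DESIGNATED_FP = "0a:1b:2c:3d:4e:5f:c5:5f:6d:1b:af:51:0d:ae:f0:30"
DEFAULT_FP = "0a:1b:2c:3d:4e:5f:e3:c8:b1:2f:af:5b:0f:d7:dc:a7"
SAMPLE_LOG = """\
debug2: key: /home/u/.ssh/id_rsa (0x813ce00)
debug2: key: /home/u/.ssh/id_dsa (0x813ce10)
debug2: key: /home/u/.ssh/MYdesignatedKEY (0x813ce20)
debug1: Offering public key: /home/u/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug2: input_userauth_pk_ok: fp
0a:1b:2c:3d:4e:5f:e3:c8:b1:2f:af:5b:0f:d7:dc:a7
debug1: Authentication succeeded (publickey).
"""

if __name__ == "__main__":
    print(audit_key_selection(SAMPLE_LOG, "/home/u/.ssh/MYdesignatedKEY", DESIGNATED_FP))
```

On the constructed sample the designated key is third in the candidate list and the accepted fingerprint is the default key's, which is the situation the report describes.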