[Bug 1702] New: PreferredAuthentications setting doesn't work when spaces are used as documented

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Fri Jan 22 05:04:28 EST 2010 

https://bugzilla.mindrot.org/show_bug.cgi?id=1702

           Summary: PreferredAuthentications setting doesn't work when
                    spaces are used as documented
           Product: Portable OpenSSH
           Version: 5.3p1
          Platform: Other
        OS/Version: Mac OS X
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ssh
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: ysvenkat at ncsa.uiuc.edu


The man page ssh_config.5 specifies the default setting for
PreferredAuthentications as:
"gssapi-with-mic, hostbased, publickey, keyboard-interactive, password"
with a space after each comma.

But when I set PreferredAuthentications in ssh_config as follows:
PreferredAuthentications "gssapi-keyex, gssapi-with-mic, publickey,
hostbased, password"
with a space after each comma, ssh fails to process authentication
methods beyond the first one in the list. It will however work as
expected if the spaces are removed.

Either the man page or code (match_list()?) needs to be fixed.

Below is the debug log of the failure:

debug1: Authentications that can continue:
publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug3: start over, passed a different list
publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive
debug3: preferred gssapi-keyex, gssapi-with-mic, publickey, hostbased,
password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred:  gssapi-with-mic, publickey, hostbased,
password
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied
(publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive).

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list