[Bug 1841] Error message if key occurs twice in authorized_keys file
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Fri Nov 26 20:46:33 EST 2010
https://bugzilla.mindrot.org/show_bug.cgi?id=1841
--- Comment #6 from Anders Liljegren <anders.liljegren at uadm.uu.se> 2010-11-26 20:46:33 EST ---
(In reply to comment #5)
> Public keys are usually tried twice during authentication, initially to
> query the server to determine whether it will accept the key and then
> again, after generating a signature using the private half, to actually
> authenticate.
>
> As such, each line in authorized_keys will be evaluated twice.
I guessed that this was the problem. If sshd both times looked up the
keys using both key and ip-address it would be no problem. It would
only get one hit.
> Your
> configuration is set up to cause this noise by listing the same key
> with different access rules. To avoid the noise in your logs, combine
> the two lines as
>
> from="anders.its.uu.se,anders2.its.uu.se" ssh-dss AAAAB3N...
Yes, this is the obvious work around. There is however some problems
with this. Firstly, if the file is big it's easy to overlook that a
certain
key is already in the file with some other ip address. Secondly, it's
not easy
to understand at once what's wrong. The user may think something else
is wrong and start out on a wild goose chase.
I think that this should be fixed in the code so that is works as most
people would expect it to work.
--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list