[Bug 2550] ssh can't use an in-memory-only certificate that doesn't also have another in-memory private key

bugzilla-daemon at bugzilla.mindrot.org
Sat Mar 12 15:40:42 AEDT 2016


https://bugzilla.mindrot.org/show_bug.cgi?id=2550

--- Comment #2 from Peter Moody <mindrot at hda3.com> ---
nope :(

this works tho:

   if (sshkey_equal_public(id->key, private_id->key) &&
       id == private_id) {

I added a 

   debug2("id %p (id %d), private id %p (id %d)", id, id->key->type,
       private_id, private_id->key->type);

to the match, and this is the -vvv output


debug1: Server accepts key: pkalg ssh-rsa-cert-v01@openssh.com blen 2769
debug2: input_userauth_pk_ok: fp SHA256:5U6bsClkHE1aWyFRkKbynEtiK8QD3/Nf3cxeUSR+BCA
debug3: sign_and_send_pubkey: RSA-CERT SHA256:5U6bsClkHE1aWyFRkKbynEtiK8QD3/Nf3cxeUSR+BCA
debug2: id 0x7fab613164d0 (id 5), private id 0x7fab613164d0 (id 5)
debug2: sign_and_send_pubkey: using private key "[Valid until Sat 12 Mar 2016 11:55 UTC, Version 2]" from agent for certificate
debug3: send packet: type 50
debug3: receive packet: type 52
debug1: Authentication succeeded (publickey).

this is my ssh-agent

pmoody at pmoody (148) 04:39 (.git 7.2p1) /home/pmoody/src/openssh-portable
$ ./ssh-add -l
2048 SHA256:5U6bsClkHE1aWyFRkKbynEtiK8QD3/Nf3cxeUSR+BCA [Valid until Sat 12 Mar 2016 11:55 UTC, Version 2] (RSA-CERT)

pmoody at pmoody (0) 04:39 (.git 7.2p1) /home/pmoody/src/openssh-portable
$
