[Bug 2737] New: function identity_sign() assume private key's pub part as same as the .pub key.
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Tue Jul 4 16:48:56 AEST 2017
https://bugzilla.mindrot.org/show_bug.cgi?id=2737
Bug ID: 2737
Summary: function identity_sign() assume private key's pub part
as same as the .pub key.
Product: Portable OpenSSH
Version: 7.5p1
Hardware: Other
OS: Other
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: jj.net at 163.com
1: we use 'ssh-keygen' create two rsa pub/pri key pair with empty
passphrase.
and names it to:
<id_rsa1, id_rsa1.pub>
<id_rsa2, id_rsa2.pub>
2: add two pub key to localhost sshd:
cat id_rsa1.pub >> ~/.ssh/authorized_keys
cat id_rsa2.pub >> ~/.ssh/authorized_keys
3: copy the unmatch pub/pri key to ~/.ssh directory
cp id_rsa1 ~/.ssh/id_rsa
cp id_rsa2.pub ~/.ssh/id_rsa.pub
4: login to localhost without agent.
SSH_AUTH_SOCK= ssh 127.0.0.1 -vvv
can see ssh prompt user input password because of
method pubkey failed. the reasion is identity_sign() used
the id_rsa2.pub as pubkey, and signed it by id_rsa1 private key. that
sshd verify signature failed.
but, if you remove ~/.ssh/id_rsa.pub,
ssh client will used full ~/.ssh/id_rsa (extract pubkey,privatekey)
through
userauth_pubkey()
-->sign_and_send_pubkey()
-->identity_sign()
and login success.
i think ssh designed to login use pubkey as possible we you can.
and if id_rsa unmatch id_rsa.pub, ssh should trust id_rsa and drop the
rsa.pub file, try do login again as id_rsa.pub not exist.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list