[Bug 3406] New: RSA key authentication doesn't work with enabled GSSAPIKeyExchange: sign_and_send_pubkey: internal error: initial hostkey not recorded
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Tue Mar 15 00:44:20 AEDT 2022
https://bugzilla.mindrot.org/show_bug.cgi?id=3406
Bug ID: 3406
Summary: RSA key authentication doesn't work with enabled
GSSAPIKeyExchange: sign_and_send_pubkey: internal
error: initial hostkey not recorded
Product: Portable OpenSSH
Version: 8.9p1
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: Kerberos support
Assignee: unassigned-bugs at mindrot.org
Reporter: robert.kulyassa at gmail.com
I've set up an openssh server to use GSSAPI authentication (too), it
all worked last week, I was able to login with password, ssh key or
kerberos ticket, all the 3 worked fine. Today I updated the ssh server
(8.8p1 -> 8.9p1), the kerberos and password auth still work, but when I
try to use key authentication I get this:
sign_and_send_pubkey: internal error: initial hostkey not recorded
If I disable the GSSAPIKeyExchange then it works again (kerberos and
password auth works in both case).
The environment:
client and server side are almost the same, Ubuntu 22.04 client and
server:
openssh version: 8.9p1 (and earlier when it worked: 8.8p1)
sshd_config (almost default, just enabled the GSSAPIAuthentication)
Include /etc/ssh/sshd_config.d/*.conf # <- nothing here
LogLevel INFO
KbdInteractiveAuthentication no
GSSAPIAuthentication yes
GSSAPIKeyExchange yes
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
ps: May it be related to the "stricter UpdateHostkey signature
verification logic" what I see in the 8.9 release notes?
https://www.openssh.com/txt/release-8.9
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list