Announce: OpenSSH 5.4 released
Corinna Vinschen
vinschen at redhat.com
Fri Mar 12 01:56:36 EST 2010
On Mar 7 19:05, Damien Miller wrote:
>
> OpenSSH 5.4 has just been released. It will be available from the
> mirrors listed at http://www.openssh.com/ shortly.
There appears to be a new bug in OpenSSH affecting the sshd_config
setting AuthorizedKeysFile.
The default entry in sshd_config is commented out:
#AuthorizedKeysFile .ssh/authorized_keys
Now, if you remove the # and restart sshd, it's suddenly impossible
to login with public key authentication. Running sshd in debugging
mode shows entries like these:
temporarily_use_uid: 500/513 (e=1105/513)
trying public key file //.ssh/authorized_keys
restore_uid: 1105/513
temporarily_use_uid: 500/513 (e=1105/513)
trying public key file //.ssh/authorized_keys
restore_uid: 1105/513
Failed publickey for some_user from 192.168.77.88 port 2864 ssh2
Note the paths to the authorized_keys file, which is not the
user home directory, but the root directory instead. Either
commenting out the AuthorizedKeysFile directive in sshd_config,
or replacing it with
AuthorizedKeysFile %h/.ssh/authorized_keys
fixes the issue. It seems that the handling of the path as relative to
the user's home directory has gone missing. I don't see any comment in
the release announcement, nor is there a change in the sshd_config man
page which points to a planned change in AuthorizedKeysFile semantics.
Corinna
--
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat
More information about the openssh-unix-dev
mailing list