Announce: OpenSSH 5.4 released

Damien Miller djm at mindrot.org
Fri Mar 12 10:45:48 EST 2010


On Thu, 11 Mar 2010, Corinna Vinschen wrote:

> On Mar  7 19:05, Damien Miller wrote:
> > 
> > OpenSSH 5.4 has just been released. It will be available from the
> > mirrors listed at http://www.openssh.com/ shortly.
> 
> There appears to be a new bug in OpenSSH affecting the sshd_config
> setting AuthorizedKeysFile.
> 
> The default entry in sshd_config is commented out:
> 
>   #AuthorizedKeysFile    .ssh/authorized_keys
> 
> Now, if you remove the # and restart sshd, it's suddenly impossible
> to log in with public key authentication.  Running sshd in debugging
> mode shows entries like these:
> 
>   temporarily_use_uid: 500/513 (e=1105/513)
>   trying public key file //.ssh/authorized_keys
>   restore_uid: 1105/513
>   temporarily_use_uid: 500/513 (e=1105/513)
>   trying public key file //.ssh/authorized_keys
>   restore_uid: 1105/513
>   Failed publickey for some_user from 192.168.77.88 port 2864 ssh2

Confirmed. Here is a patch:


Index: servconf.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/servconf.c,v
retrieving revision 1.204
diff -u -p -r1.204 servconf.c
--- servconf.c	4 Mar 2010 10:36:03 -0000	1.204
+++ servconf.c	11 Mar 2010 23:45:26 -0000
@@ -1180,7 +1180,17 @@ process_server_config_line(ServerOptions
 		charptr = (opcode == sAuthorizedKeysFile) ?
 		    &options->authorized_keys_file :
 		    &options->authorized_keys_file2;
-		goto parse_filename;
+		arg = strdelim(&cp);
+		if (!arg || *arg == '\0')
+			fatal("%s line %d: missing file name.",
+			    filename, linenum);
+		if (*activep && *charptr == NULL) {
+			*charptr = derelativise_path(arg);
+			/* increase optional counter */
+			if (intptr != NULL)
+				*intptr = *intptr + 1;
+		}
+		break;
 
 	case sClientAliveInterval:
 		intptr = &options->client_alive_interval;
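
Review bot: In the added branch, `*charptr = derelativise_path(arg);` still passes the configured value through derelativise_path(), while the report quoted above shows the relative value .ssh/authorized_keys being tried as //.ssh/authorized_keys, that is, resolved against / instead of the user's home directory. Going by the function's name, this call would perform the same relative-to-absolute conversion at config-parse time, so please confirm that a relative AuthorizedKeysFile is stored unchanged here and only expanded per user at authentication time; if it is not, store the argument without derelativising it. Separately, `intptr` is tested and incremented in this case, but nothing in the visible lines sets it for sAuthorizedKeysFile, so the "increase optional counter" block looks carried over from the parse_filename path and should either be dropped or get a comment saying which counter it updates.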

