Portable OpenSSH doesn't know agent's keys after authentication failure with partial success

Tóth, László Attila laszlo.attila.toth at balabit.com
Sat Dec 19 01:12:38 AEDT 2015


If SSH_MSG_USERAUTH_FAILURE arrives from the server with partial success
(set to 1), in input_userauth_failure() the pubkey_cleanup() and
pubkey_prepare() calls do something different from the first
pubkey_prepare() call instead of the same thing.

OpenSSH versions: 6.7p1 to 7.1p1 (based on the changelog the issue seems to
have been introduced in 6.3p1 while fixing another bug):

* ssh(1): reset the order in which public keys are tried after partial
   authentication success.

* an ssh-agent with a passphrase-protected private key stored in its
  standard name (e.g. .ssh/id_rsa)
* a server that accepts this key but requires further authentication (auth
  failure with partial success)
* and the ssh client

First the client sends the key stored in the agent, and then clears its
keys in authctx, and retries the keys. At this point the public key is
missing (.ssh/id_rsa), therefore ssh tries to ask the passphrase, even if
the key is loaded into the agent. And if the passphrase is given, it
retries the very same key.

The problem seems to occur in pubkey_prepare(), in this line:

    options.identity_keys[i] = NULL;

If the code wants to iterate through these keys after a partial success,
these keys should never be NULL'ed; instead they should be copied.

As a result, if I'm not mistaken, the ssh client skips all keys of the

Laszlo Attila TOTH

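The ownership pattern the report describes, as an added illustration that is not OpenSSH's code: a "prepare" step that moves key pointers out of the long-lived options array and leaves NULL behind cannot be repeated after a cleanup, whereas a prepare step that only copies the pointers can. The structures and function names (identity_list, prepare_move, prepare_copy, keys_on_retry) are hypothetical stand-ins for sshconnect2.c's options.identity_keys[] and authctxt, and the two sample identities are constructed.

```c
/* Added illustration (not OpenSSH's code) of the ownership bug in the
 * report: moving identities out of options.identity_keys[] on the first
 * pubkey_prepare() leaves nothing for a second pubkey_prepare() after a
 * partial-success failure. All names and data here are hypothetical. */
#include <stdio.h>
#include <string.h>

#define MAX_IDENTITIES 4

/* Stand-in for a loaded public key (constructed sample data). */
struct identity {
    char name[32];
    int from_agent;
};

/* Stand-in for the long-lived "options.identity_keys[]" configuration. */
struct options {
    struct identity *identity_keys[MAX_IDENTITIES];
    int num_identity_files;
};

/* Stand-in for the per-attempt authentication context list. */
struct authctxt {
    struct identity *keys[MAX_IDENTITIES];
    int nkeys;
};

/* Buggy variant: transfers ownership out of options and NULLs the slot,
 * so a second call finds no identities left to try. */
static void prepare_move(struct options *opt, struct authctxt *ctx) {
    ctx->nkeys = 0;
    for (int i = 0; i < opt->num_identity_files; i++) {
        if (opt->identity_keys[i] == NULL)
            continue;                   /* already moved on the first run */
        ctx->keys[ctx->nkeys++] = opt->identity_keys[i];
        opt->identity_keys[i] = NULL;   /* the problematic assignment */
    }
}

/* Fixed variant: copies the pointers and leaves options untouched, so the
 * same identities are available on every retry. */
static void prepare_copy(const struct options *opt, struct authctxt *ctx) {
    ctx->nkeys = 0;
    for (int i = 0; i < opt->num_identity_files; i++) {
        if (opt->identity_keys[i] != NULL)
            ctx->keys[ctx->nkeys++] = opt->identity_keys[i];
    }
}

/* Cleanup between attempts only forgets the per-attempt list; the
 * identities themselves remain owned by options. */
static void cleanup(struct authctxt *ctx) {
    memset(ctx->keys, 0, sizeof(ctx->keys));
    ctx->nkeys = 0;
}

/* Simulates: first attempt, USERAUTH_FAILURE with partial success = 1,
 * cleanup, second attempt. Returns how many keys the retry can offer. */
int keys_on_retry(int use_copy) {
    struct identity agent_key = { "id_rsa (agent)", 1 };
    struct identity file_key  = { "id_ed25519 (file)", 0 };
    struct options opt = { { &agent_key, &file_key }, 2 };
    struct authctxt ctx;

    if (use_copy) prepare_copy(&opt, &ctx); else prepare_move(&opt, &ctx);
    /* ... server answers with partial success, client retries ... */
    cleanup(&ctx);
    if (use_copy) prepare_copy(&opt, &ctx); else prepare_move(&opt, &ctx);
    return ctx.nkeys;
}

int main(void) {
    printf("retry with move semantics: %d keys\n", keys_on_retry(0));
    printf("retry with copy semantics: %d keys\n", keys_on_retry(1));
    return 0;
}
```

With move semantics the retry sees zero identities, which is the point at which a client would fall back to reading the key file from disk and prompting for a passphrase even though the agent still holds the key; with copy semantics both identities are still there for the second round.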