Seeking assistance with pubkey authentication problem on Windows OS

Peter_Lawrence at belgocontrol.be Peter_Lawrence at belgocontrol.be
Thu Dec 15 02:34:40 AEDT 2016


Hello.

I did a bit more digging in the debug information and I have isolated the problem, which looks like it comes directly from the source code. 
The ssh-agent.log shows the following entries during my ssh connection attempt from the Linux machine to the Windows machine running a Win64 OpenSSH:

5772 16:13:37 990 debug1: trying public key file C:\Users\LAW/.ssh\authorized_keys
5772 16:13:37 990 debug1: given public key is not mapped to user LAW (profile:C:\Users\LAW)

My sshd_config file has been set with the following entry:
AuthorizedKeysFile .ssh\authorized_keys

I have noticed that if I was to either use the line
AuthorizedKeysFile %h\.ssh\authorized_keys
or
AuthorizedKeysFile C:\Users\LAW\.ssh\authorized_keys
the ssh-agent.log shows a debug entry now saying 
trying public key file C:\Users\LAW/C:\Users\LAW\.ssh\authorized_keys

Having had a dig around in the source-code for OpenSSH, the culprit is the subroutine
expand_authorized_keys
in the file auth.c
which returns a char pointer called ret given by snprintf(ret, sizeof(ret), "%s/%s", pw->pw_dir, file)
You can see here that the formatting "%s/%s" is causing the insertion of a forward-slash in the public key filename used in the windows environment; to this extent, the authorized_keys file will never be found in the windows environment.

Would it suffice if I rebuild the Win64 OpenSSH executables with the correction snprintf(ret, sizeof(ret), "%s\\%s", pw->pw_dir, file), or should I wait for an official build with this correction?


Yours sincerely,
Peter.

___________________________________________________________

Dr. Peter E. Lawrence  BSc(Ma & Comp Sc)(Hons) MSc(Ma Sc)(Res) PhD(Ma Sc)
Analyst & Software Engineer
BELGOCONTROL (CANAC) 
Tervuursesteenweg 303 
B - 1820 Steenokkerzeel 
Tel: [Office]:  +32 2 206 2588
       [GSM]:   +32 4 701 80752
Email: law at belgocontrol.be
Web:  www.belgocontrol.be
 

Belgocontrol Mail Disclaimer


More information about the openssh-unix-dev mailing list