[Bug 1483] New: Unable to select desired (DSA) key file

bugzilla-daemon at bugzilla.mindrot.org
Wed Jul 9 10:04:18 EST 2008


https://bugzilla.mindrot.org/show_bug.cgi?id=1483

           Summary: Unable to select desired (DSA) key file
    Classification: Unclassified
           Product: Portable OpenSSH
           Version: 5.0p1
          Platform: Other
        OS/Version: FreeBSD
            Status: NEW
          Severity: major
          Priority: P2
         Component: scp
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: rannumgen at globaleyes.net


There is a problem with (portable) OpenSSHv5.0 with regard to key
selection.

In the past, with SCP, you could use the "identity key file '-i'"
parameter to select THE specific key to be used for the SCP
transaction, and it didn't matter WHAT TYPE of key (RSA/DSA) was used.

1) According to the MANual page for V5.0 SSH:

-i identity_file
             Selects the file from which the identity (private key) for RSA
             authentication is read.  This option is directly passed to
             ssh(1).

NOTE the explicit specification of RSA!

2) When using the v5.0 "-i" parameter, the selected key file does not
appear FIRST in any list of keys (joined from an SSH "config" file),
nor does it completely replace/supplant any key list available through
any SSH configuration file (global or local); in this example - the
"MYdesignatedKEY" key was associated with the "-i" parameter:

debug2: key: /<path>/.ssh/id_rsa (0x813ceXX)
debug2: key: /<path>/.ssh/id_dsa (0x813ceXX)
debug2: key: /<path>/.ssh/MYdesignatedKEY (0xgarbale)
debug2: key: /<path>/.ssh/id_dsa_new (0x813ceXX)
debug2: key: /<path>/.ssh/id_rsa_new (0x813cfXX)

3) In order to ignore/bypass ANY SSH config file, you have to supply an
EXISTING file, even if empty, with the "-F" parameter!

4) Last but not least, when selecting a specific identity file using
the "-o ssh option" parameter, and an empty "SSH config file", SSHDv5.0
STILL refuses to use the specified key:

debug2: key: /<path>/.ssh/MYdesignatedKEY (0xgarble0)
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: 
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug2: input_userauth_pk_ok: fp GG:AA:RR:BB:LL:EE:e3:c8:b1:2f:af:5b:0f:d7:dc:a7
debug1: Authentication succeeded (publickey).


fingerprint for MYdesignatedKEY.pub:
    GG:AA:RR:BB:LL:EE:c5:5f:6d:1b:af:51:0d:ae:f0:30

fingerprint for default "id_rsa.pub":
    GG:AA:RR:BB:LL:EE:e3:c8:b1:2f:af:5b:0f:d7:dc:a7

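The check the report performs by hand (locating the designated key in the `debug2: key:` list and comparing the `input_userauth_pk_ok` fingerprint with the intended key's fingerprint) can be scripted. This is an added example, not part of the original report or of OpenSSH; the function name `audit_key_selection`, the paths and the fingerprints in the sample log are constructed for illustration.

```python
import re

# Constructed sample of `ssh -vv` client output, modelled on the log lines in
# the report; the paths and fingerprints are made-up values.
SAMPLE_LOG = """\
debug2: key: /home/u/.ssh/id_rsa (0x813ce00)
debug2: key: /home/u/.ssh/id_dsa (0x813ce10)
debug2: key: /home/u/.ssh/MYdesignatedKEY (0x813ce20)
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/u/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug2: input_userauth_pk_ok: fp 4b:1d:9a:03:77:c2:e3:c8:b1:2f:af:5b:0f:d7:dc:a7
debug1: Authentication succeeded (publickey).
"""

KEY_RE = re.compile(r"^debug2: key: (\S+) \(")
OFFER_RE = re.compile(r"^debug1: Offering public key: (\S+)")
FP_RE = re.compile(
    r"^debug2: input_userauth_pk_ok: fp ((?:[0-9a-f]{2}:){15}[0-9a-f]{2})")


def audit_key_selection(log_text, wanted_path, wanted_fp):
    """Report where the wanted key sat in the candidate list and which key won."""
    candidates, offered, accepted_fp, succeeded = [], [], None, False
    for line in log_text.splitlines():
        if m := KEY_RE.match(line):
            candidates.append(m.group(1))      # order in which keys are tried
        elif m := OFFER_RE.match(line):
            offered.append(m.group(1))         # keys actually sent to the server
        elif m := FP_RE.match(line):
            accepted_fp = m.group(1)           # last key the server accepted
        elif line.startswith("debug1: Authentication succeeded (publickey)"):
            succeeded = True
    # Keys offered ahead of the wanted one (all of them if it was never offered).
    cut = offered.index(wanted_path) if wanted_path in offered else len(offered)
    return {
        "position": candidates.index(wanted_path) if wanted_path in candidates else None,
        "offered_before": offered[:cut],
        "accepted_fp": accepted_fp,
        "used_wanted_key": succeeded and accepted_fp == wanted_fp.lower(),
    }


if __name__ == "__main__":
    wanted_fp = "4b:1d:9a:03:77:c2:c5:5f:6d:1b:af:51:0d:ae:f0:30"  # constructed
    print(audit_key_selection(SAMPLE_LOG, "/home/u/.ssh/MYdesignatedKEY", wanted_fp))
```

A `position` other than 0 together with `used_wanted_key` being false reproduces the situation in the report: authentication succeeded, but with a key other than the one selected.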