[Bug 2027] SSH generates misleading errors when using public key authentication

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sat Jul 21 16:07:38 EST 2012


Gabriel Kerneis <gabriel at kerneis.info> changed:

           What    |Removed                     |Added
                 CC|                            |gabriel at kerneis.info

--- Comment #1 from Gabriel Kerneis <gabriel at kerneis.info> ---
This bug is related to the following issue: 

The spurious therefore is:
> Authentication tried for root with correct key but not from a permitted host (host=AAAA, ip=XXXX).
even when the key is *incorrect*, provided there is a "from=" field in

The bug is very real, but I'm afraid your patch is wrong:
- First, the spurious message is about identifiying with a key, not a
certificate.  You are patching the wrong warning - at least wrt. to the
issue linked above (there might also be an issue with certificates but
it has not been reported AFAIK).
- Then, even if this were the right warning to patch, you modified the
string to remove the %.100s for the host but you kept pw->pw_name in
logit. It cannot work.

> auth-options.c: In function ‘parse_option_list’:
> auth-options.c:518:10: warning: too many arguments for format [-Wformat-extra-args]

I know there has been a lot of unfortunate buzz about this yesterday,
but this in no excuse to release a patch that has obviously been done
in a hurry and never tested.

You are receiving this mail because:
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list