Announce: OpenSSH 5.4 released

Corinna Vinschen vinschen at redhat.com
Fri Mar 12 01:56:36 EST 2010


On Mar  7 19:05, Damien Miller wrote:
> 
> OpenSSH 5.4 has just been released. It will be available from the
> mirrors listed at http://www.openssh.com/ shortly.

There appears to be a new bug in OpenSSH affecting the sshd_config
setting AuthorizedKeysFile.

The default entry in sshd_config is commented out:

  #AuthorizedKeysFile    .ssh/authorized_keys

Now, if you remove the # and restart sshd, it's suddenly impossible
to login with public key authentication.  Running sshd in debugging
mode shows entries like these:

  temporarily_use_uid: 500/513 (e=1105/513)
  trying public key file //.ssh/authorized_keys
  restore_uid: 1105/513
  temporarily_use_uid: 500/513 (e=1105/513)
  trying public key file //.ssh/authorized_keys
  restore_uid: 1105/513
  Failed publickey for some_user from 192.168.77.88 port 2864 ssh2

Note the paths to the authorized_keys file, which is not the
user home directory, but the root directory instead.  Either
commenting out the AuthorizedKeysFile directive in sshd_config,
or replacing it with

  AuthorizedKeysFile    %h/.ssh/authorized_keys

fixes the issue.  It seems that the handling of the path as relative to
the user's home directory has gone missing.  I don't see any comment in
the release announcement, nor is there a change in the sshd_config man
page which points to a planned change in AuthorizedKeysFile semantics.


Corinna

-- 
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat


More information about the openssh-unix-dev mailing list