Debian Bug report logs - #203700
ssh: With many public keys provided by ssh-agent, connection fail

Package: ssh; Maintainer for ssh is Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>; Source for ssh is src:openssh.

Reported by: Pierre THIERRY <nowhere.man@levallois.eu.org>

Date: Thu, 31 Jul 2003 22:03:01 UTC

Severity: normal

Found in version ssh/1:3.6.1p2-3


Report forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>:
Bug#203700; Package ssh.


Acknowledgement sent to Pierre THIERRY <pierre.thierry@moine-fou.org>:
New Bug report received and forwarded. Copy sent to Matthew Vernon <matthew@debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Pierre THIERRY <pierre.thierry@moine-fou.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ssh: With many public keys provided by ssh-agent, connection fail
Date: Fri, 1 Aug 2003 00:06:18 +0200
Package: ssh
Version: 1:3.6.1p2-3
Severity: grave
Justification: renders package unusable
Tags: sarge

I share a home directory between two machines, a woody and a sarge. The
bashrc calls a script that loads every private key present in .ssh. For
the machine corresponding to the last key, with the former, the
connection is successful, but the latter receives a disconnect from the
SSH server just before the good key. The SSH server is on a woody.

Here are the two ssh -vv:

Woody -> Woody

debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: userauth_pubkey_agent: testing agent key /home/pierre/.ssh/id_dsa_arcanes
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: userauth_pubkey_agent: testing agent key /home/pierre/.ssh/id_dsa_wepf
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: userauth_pubkey_agent: testing agent key /home/pierre/.ssh/id_dsa_antec
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: userauth_pubkey_agent: testing agent key /home/pierre/.ssh/id_rsa_savannah
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: userauth_pubkey_agent: testing agent key /home/pierre/.ssh/id_dsa_caserne
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: userauth_pubkey_agent: testing agent key /home/pierre/.ssh/id_dsa_rmll
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: userauth_pubkey_agent: testing agent key /home/pierre/.ssh/id_dsa_efco
debug2: we sent a publickey packet, wait for reply
debug1: input_userauth_pk_ok: pkalg ssh-dss blen 434 lastkey 0x8092f30 hint -1
debug2: input_userauth_pk_ok: fp 02:de:fb:4d:51:3f:30:43:c7:09:09:ad:c5:63:48:df
debug1: ssh-userauth2 successful: method publickey


Sarge -> Woody

debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering agent key: /home/pierre/.ssh/id_dsa_arcanes
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering agent key: /home/pierre/.ssh/id_dsa_wepf
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering agent key: /home/pierre/.ssh/id_dsa_antec
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering agent key: /home/pierre/.ssh/id_dsa_flyer
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering agent key: /home/pierre/.ssh/id_rsa_savannah
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering agent key: /home/pierre/.ssh/id_dsa_caserne
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering agent key: /home/pierre/.ssh/id_dsa_rmll
debug2: we sent a publickey packet, wait for reply
Received disconnect from 81.53.245.229: 2: Too many authentication failures for pierre
debug1: Calling cleanup 0x805f1f4(0x0)


-- 
pierre.thierry@moine-fou.org
OpenPGP 0xD9D50D8A

Information forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>:
Bug#203700; Package ssh.


Acknowledgement sent to Matt Zimmerman <mdz@debian.org>:
Extra info received and forwarded to list. Copy sent to Matthew Vernon <matthew@debian.org>.


Message #10 received at 203700@bugs.debian.org:

From: Matt Zimmerman <mdz@debian.org>
To: 203700@bugs.debian.org, Pierre THIERRY <pierre.thierry@moine-fou.org>
Subject: Re: ssh: With many public keys provided by ssh-agent, connection fail
Date: Wed, 13 Aug 2003 15:24:31 -0400
severity 203700 normal
thanks

This bug does not make ssh unusable, and should not be considered
release-critical.  There is a hard-coded limit AUTH_FAIL_MAX which is set to
6, and after that many failures, the server will close the connection.

Exactly the same thing happens with ssh 3.4p1-1 in woody as with 3.6.1p2-4
in unstable; the code is exactly the same and I confirmed this with a test.
It is probably just that since you are accessing different hosts, it happens
to get to the right key before it exhausts the number of attempts.

-- 
 - mdz
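
The limit described above can be checked against a client transcript. The following Python sketch is an added example, not part of the bug log or of OpenSSH: it counts rejected key offers in ssh -v output in the two debug dialects shown in this report. The function names, the placeholder key paths and the 192.0.2.1 address are constructed for illustration.

```python
import re

AUTH_FAIL_MAX = 6  # server-side limit quoted in the thread

# Key offers in both client dialects shown in the report
# (3.4p1 "testing agent key", 3.6.1p2 "Offering agent key").
OFFER = re.compile(r"debug1: (?:userauth_pubkey_agent: testing agent key|Offering agent key:) (\S+)")
REJECT = re.compile(r"debug1: authentications that can continue:", re.IGNORECASE)
SUCCESS = re.compile(r"debug1: ssh-userauth2 successful")
DISCONNECT = re.compile(r"Too many authentication failures")


def analyze(log):
    """Summarise the public-key offers in an `ssh -v` transcript."""
    offered, rejected, outcome, pending = [], 0, "incomplete", False
    for line in log.splitlines():
        match = OFFER.search(line)
        if match:
            offered.append(match.group(1))
            pending = True              # offer sent, no server answer yet
        elif pending and REJECT.search(line):
            rejected += 1               # server refused the key just offered
            pending = False
        elif SUCCESS.search(line):
            outcome = "authenticated"
            break
        elif DISCONNECT.search(line):
            outcome = "disconnected"
            break
    # at_limit: rejections have reached AUTH_FAIL_MAX; in the report's
    # Sarge log the next refused offer is answered with a disconnect.
    return {"offered": offered, "rejected": rejected, "outcome": outcome,
            "at_limit": rejected >= AUTH_FAIL_MAX}


def constructed_log(offer_prefix, keys, last_line):
    """Build a constructed transcript (placeholder paths, not from the report)."""
    reject = "debug1: Authentications that can continue: publickey,password"
    lines = [reject]  # printed once before any key is offered
    for key in keys:
        lines += [f"debug1: {offer_prefix} /home/user/.ssh/{key}",
                  "debug2: we sent a publickey packet, wait for reply", reject]
    lines[-1] = last_line  # the last offer ends the exchange instead
    return "\n".join(lines)


if __name__ == "__main__":
    keys = [f"id_key{i}" for i in range(1, 8)]  # seven constructed agent keys
    print(analyze(constructed_log("Offering agent key:", keys,
          "Received disconnect from 192.0.2.1: 2: Too many authentication failures for user")))
```

With seven keys in the agent and the wanted key in eighth place or later, the transcript ends as "disconnected" with six rejections counted, which matches the Sarge -> Woody log in the original report.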



Severity set to `normal'. Request was from Matt Zimmerman <mdz@debian.org> to control@bugs.debian.org.


Tags removed: sarge Request was from Colin Watson <cjwatson@debian.org> to control@bugs.debian.org.


Information forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>:
Bug#203700; Package ssh.


Acknowledgement sent to Pierre THIERRY <nowhere.man@levallois.eu.org>:
Extra info received and forwarded to list. Copy sent to Matthew Vernon <matthew@debian.org>.


Message #19 received at 203700@bugs.debian.org:

From: Pierre THIERRY <nowhere.man@levallois.eu.org>
To: 203700@bugs.debian.org
Subject: Return of the Evil Bug
Date: Sat, 19 Mar 2005 11:50:00 +0100
I thought again about this bug, and I am pretty sure this is a real bug
in how SSH deals with public keys: why does the client try all existing
keys if the host matches a configuration that states precisely which key
is to be used?

Quickly,
Nowhere man
-- 
nowhere.man@levallois.eu.org
OpenPGP 0xD9D50D8A

Bug reassigned from package `ssh' to `!'. Request was from Pierre THIERRY <nowhere.man@levallois.eu.org> to control@bugs.debian.org.


Bug reassigned from package `!' to `ssh'. Request was from Pierre THIERRY <nowhere.man@levallois.eu.org> to control@bugs.debian.org.


Bug marked as found in version 1:3.6.1p2-3. Request was from Pierre THIERRY <nowhere.man@levallois.eu.org> to control@bugs.debian.org.


Changed Bug submitter from Pierre THIERRY <pierre.thierry@moine-fou.org> to Pierre THIERRY <nowhere.man@levallois.eu.org>. Request was from Pierre THIERRY <nowhere.man@levallois.eu.org> to control@bugs.debian.org.



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Mar 25 18:48:16 2023; Machine Name: buxtehude