Debian Bug report logs -
#203700
ssh: WIth many public keys provided by ssh-agent, connection fail
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>:
Bug#203700; Package ssh.
(full text, mbox, link).
Acknowledgement sent to Pierre THIERRY <pierre.thierry@moine-fou.org>:
New Bug report received and forwarded. Copy sent to Matthew Vernon <matthew@debian.org>.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Package: ssh
Version: 1:3.6.1p2-3
Severity: grave
Justification: renders package unusable
Tags: sarge
I share a home directory between two machines, a woody and a sarge. The
bashrc calls a script that loads every private kye present i .ssh. For
the machine corresponding to the last key, with the former, the
connection is successful, but the latter receives a disconnect from the
SSH server just before the good key. The SSH server is on a woody.
Here are the two ssh -vv:
Woody -> Woody
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: userauth_pubkey_agent: testing agent key /home/pierre/.ssh/id_dsa_arcanes
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: userauth_pubkey_agent: testing agent key /home/pierre/.ssh/id_dsa_wepf
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: userauth_pubkey_agent: testing agent key /home/pierre/.ssh/id_dsa_antec
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: userauth_pubkey_agent: testing agent key /home/pierre/.ssh/id_rsa_savannah
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: userauth_pubkey_agent: testing agent key /home/pierre/.ssh/id_dsa_caserne
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: userauth_pubkey_agent: testing agent key /home/pierre/.ssh/id_dsa_rmll
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: userauth_pubkey_agent: testing agent key /home/pierre/.ssh/id_dsa_efco
debug2: we sent a publickey packet, wait for reply
debug1: input_userauth_pk_ok: pkalg ssh-dss blen 434 lastkey 0x8092f30 hint -1
debug2: input_userauth_pk_ok: fp 02:de:fb:4d:51:3f:30:43:c7:09:09:ad:c5:63:48:df
debug1: ssh-userauth2 successful: method publickey
Sarge -> Woody
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering agent key: /home/pierre/.ssh/id_dsa_arcanes
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering agent key: /home/pierre/.ssh/id_dsa_wepf
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering agent key: /home/pierre/.ssh/id_dsa_antec
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering agent key: /home/pierre/.ssh/id_dsa_flyer
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering agent key: /home/pierre/.ssh/id_rsa_savannah
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering agent key: /home/pierre/.ssh/id_dsa_caserne
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering agent key: /home/pierre/.ssh/id_dsa_rmll
debug2: we sent a publickey packet, wait for reply
Received disconnect from 81.53.245.229: 2: Too many authentication failures for pierre
debug1: Calling cleanup 0x805f1f4(0x0)
--
pierre.thierry@moine-fou.org
OpenPGP 0xD9D50D8A
[Message part 2 (application/pgp-signature, inline)]
Information forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>:
Bug#203700; Package ssh.
(full text, mbox, link).
Acknowledgement sent to Matt Zimmerman <mdz@debian.org>:
Extra info received and forwarded to list. Copy sent to Matthew Vernon <matthew@debian.org>.
(full text, mbox, link).
Message #10 received at 203700@bugs.debian.org (full text, mbox, reply):
severity 203700 normal
thanks
This bug does not make ssh unusable, and should not be considered
release-critical. There is a hard-coded limit AUTH_FAIL_MAX which is set to
6, and after that many failures, the server will close the connection.
Exactly the same thing happens with ssh 3.4p1-1 in woody as with 3.6.1p2-4
in unstable; the code is exactly the same and I confirmed this with a test.
It is probably just that since you are accessing different hosts, it happens
to get to the right key before it exhausts the number of attempts.
--
- mdz
Severity set to `normal'.
Request was from Matt Zimmerman <mdz@debian.org>
to control@bugs.debian.org.
(full text, mbox, link).
Tags removed: sarge
Request was from Colin Watson <cjwatson@debian.org>
to control@bugs.debian.org.
(full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>:
Bug#203700; Package ssh.
(full text, mbox, link).
Acknowledgement sent to Pierre THIERRY <nowhere.man@levallois.eu.org>:
Extra info received and forwarded to list. Copy sent to Matthew Vernon <matthew@debian.org>.
(full text, mbox, link).
Message #19 received at 203700@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
I thought again about this bug, and I am pretty sure this is a real bug
in how SSH deals with public keys: why do the client tries all existing
keys if the host matches a configuration that states precisely which key
is to be used?
Quickly,
Nowhere man
--
nowhere.man@levallois.eu.org
OpenPGP 0xD9D50D8A
[signature.asc (application/pgp-signature, inline)]
Bug reassigned from package `ssh' to `!'.
Request was from Pierre THIERRY <nowhere.man@levallois.eu.org>
to control@bugs.debian.org.
(full text, mbox, link).
Bug reassigned from package `!' to `ssh'.
Request was from Pierre THIERRY <nowhere.man@levallois.eu.org>
to control@bugs.debian.org.
(full text, mbox, link).
Bug marked as found in version 1:3.6.1p2-3.
Request was from Pierre THIERRY <nowhere.man@levallois.eu.org>
to control@bugs.debian.org.
(full text, mbox, link).
Changed Bug submitter from Pierre THIERRY <pierre.thierry@moine-fou.org> to Pierre THIERRY <nowhere.man@levallois.eu.org>.
Request was from Pierre THIERRY <nowhere.man@levallois.eu.org>
to control@bugs.debian.org.
(full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Sat Mar 25 18:48:16 2023;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.