[Bug 271184] [NEW] ssh client not using correct identity key

Niall Parker stuff at npengineering.ca
Wed Sep 17 06:09:35 BST 2008


Public bug reported:

Binary package hint: openssh-client

After a recent upgrade to 8.04 from 7.10, I noticed that I no longer had
shell access to one of our servers. Using the same keys works fine in
OpenSSH_4.6p1 Debian-5ubuntu0.5, OpenSSL 0.9.8e 23 Feb 2007 (from ssh
-v), but using the default with 8.04 (OpenSSH_4.7p1 Debian-8ubuntu1.2,
OpenSSL 0.9.8g 19 Oct 2007), the client will not use an alternate
identity file (either specified in .ssh/config or via the -i command
line flag).

This only occurs if the default id_dsa key file exists in .ssh ...
renaming it to id_dsa_old eliminates the problem. It appears the client
is using the default file name in precedence over the config and command
line options.

To recreate:
1. create two key pairs and copy to server
2. restrict one of the keys (in this case I had command="/usr/bin/cvs server")
3. try connecting with both keys and note expected behaviour (default shell and restricted to cvs)
4. rename restricted key to 'id_dsa' and try both keys again via -i option
*** restricted key will be used despite -i option

Workaround: don't have default 'id_dsa' for key filename

** Affects: openssh (Ubuntu)
     Importance: Undecided
         Status: New

-- 
ssh client not using correct identity key
https://bugs.launchpad.net/bugs/271184
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in ubuntu.
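
A check for the behaviour reported above, as an added example that is not part of the original bug report: it reads `ssh -v` debug output and reports whether the key the server accepted is the one requested with `-i`. The sample log, the paths and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report): confirm which identity file the
# ssh client really authenticated with, from `ssh -v` debug output.
# Assumption: key paths contain no whitespace.

# Reads `ssh -v` output on stdin and prints the path of the key that was
# offered immediately before the server accepted one (nothing if none was).
accepted_identity() {
    awk '
        /^debug1: Offering public key: / { last = $5 }
        /^debug1: Server accepts key: /  { print last; exit }
    '
}

# Usage: ssh -v -i KEY host true 2>&1 | check_identity KEY
# Returns 0 if KEY was accepted, 1 if another key was, 2 if none was.
check_identity() {
    wanted=$1
    used=$(accepted_identity)
    if [ -z "$used" ]; then
        echo "no public key was accepted"
        return 2
    fi
    if [ "$used" = "$wanted" ]; then
        echo "OK: authenticated with $used"
        return 0
    fi
    echo "MISMATCH: requested $wanted but server accepted $used"
    return 1
}

# Constructed sample of `ssh -v -i /home/user/.ssh/id_dsa_work host` output in
# which the default id_dsa is offered and accepted instead of the -i key.
SAMPLE_LOG='debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/user/.ssh/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 433
debug1: Authentication succeeded (publickey).'

# Demo on the constructed sample; prints the MISMATCH line.
printf '%s\n' "$SAMPLE_LOG" | check_identity /home/user/.ssh/id_dsa_work || true
```

Run against a live connection, a mismatch shows that a restricted key (such as one limited by `command=` in `authorized_keys`) was used in place of the key named on the command line.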