[Bug 420813] [NEW] ssh blacklisting of private keys 9.04_64

Fri Aug 28 23:51:09 BST 2009

Public bug reported:

Similar to: 328127, 328445 348126

Three servers were installed using the same script to configure them
after installing 9.04_64. In all ways they function identically except
one of them is blacklisting some keys of some systems administrators. We
all have had our keys for quite some time and these three systems are
among hundreds of RHEL and Solaris servers where all the keys are
working just fine.

The three servers are all HP ProLiant DL360 G5. 
# dpkg -S /usr/sbin/sshd
openssh-server: /usr/sbin/sshd
# lsb_release -rd
Description:	Ubuntu 9.04
Release:	9.04
# apt-cache policy openssh-server
openssh-server:
  Installed: 1:5.1p1-5ubuntu1
  Candidate: 1:5.1p1-5ubuntu1
  Version table:
 *** 1:5.1p1-5ubuntu1 0
        500 http://us.archive.ubuntu.com jaunty/main Packages
        100 /var/lib/dpkg/status

ssh-vulnkey -a lists the failing keys as blacklisted. Debugging confirms
the keys are examined and not used.

Generating a new key on a Dell Optiplex GX620 results running 9.04
results NOT blacklisting, but login fails with a failure to sign key
message and password option is not made available. Adding the old key
back to authorized keys results in immediate blacklisting again.

Keys from non-Ubuntu systems have no problems. Only keys from Ubuntu
(several recent versions) have been blacklisted.

There is no seahorse involved.

** Affects: openssh (Ubuntu)
     Importance: Undecided
         Status: New

-- 
ssh blacklisting of private keys 9.04_64
https://bugs.launchpad.net/bugs/420813
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in ubuntu.