On Fri, Mar 21, 2014 at 10:15:56 -0600, Pieter Bowman wrote: > The problem I am seeing was introduced between 6.4p1 and 6.5p1 (and > still exists in 6.6p1). With HostbasedAuthentication/EnableSSHKeysign > turned on, I am seeing one of two sets of messages: > > no matching hostkey found > ssh_keysign: no reply > key_sign failed > > and > > not a valid request > ssh_keysign: no reply > key_sign failed > > > Then in either case two password prompts: > > bowman@xxxxxxxxxxxxxxxxxx's password: > Permission denied, please try again. > bowman@xxxxxxxxxxxxxxxxxx's password: > > > I've used strace and dtrace to watch what files are opened and > executables run. All the correct key files are accessed and the > correct version of ssh-keysign used. Even the ssh-keysign from 6.5p1 > or 6.6p1 works correctly with ssh from 6.4p1. > The ssh -vvv output might be of a little interest. I'm particularly curious as to whether you get the messages that you quoted with each keysign request or just the one for the ed25519 key. The behavour sounds like there is a version mismatch which is causing it to choke on the ed25519 key. You indicate that the correct ssh-keysign is being invoked, or at least the right path is used. Try running strings on the executable and grep for ed25519. Were yyou deliberately failing the two password prompts, or is that anouther aspect of the problem? -- Iain Morgan _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev