Portalbe OpenSSH's don't know agent's keys after authenticion failure with partial success

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Hi,

If SSH_MSG_USERAUTH_FAILURE arrives from the server with partial success
(set to 1), in input_userauth_failure() the pubkey_cleanup() and
pubkey_prepare() calls does different thing than the first pubkey_prepare()
instead of identical.

OpenSSH versions: 6.7p1 to 7.1p1 (based on changelog the issue seems to be
introduced in 6.3p1 during fixing another bug):

* ssh(1): reset the order in which public keys are tried after partial
   authentication success.

Environment:
* an ssh-agent with a passphrase-protected private key stored in its
standard name (e.g. .ssh/id_rsa)
* a server that accepts this key but requires further authentication (auth
failure with partial success)
* and the ssh client

First the client sends the key stored in the agent, and then clears its
keys in authctx, and retries the keys. At this point the public key is
missing (.ssh/id_rsa), therefore ssh tries to ask the passphrase, even if
the key is loaded into the agent. And if the passphrase is given, it
retries the very same key.

The problem seems to be occured in pubkey_prepare(), in this line:

    options.identity_keys[i] = NULL;

If the code wants to iterate thrugh these keys after a partial success,
these keys should never
 be NULL'ed, instead these should be copied.

As a result, if I'm not mistaken, the ssh client skips all keys of the
agent.

Regrads,
Laszlo Attila TOTH
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux