On Tue, 19 Apr 2016, Elouan Keryell-Even wrote:
> Hello,
>
> I have a client machine and a server machine. I generated a pair of
> private-public rsa keys using ssh-keygen.
>
> On the client-machine, I uploaded my private key onto ~/.ssh/id_rsa
>
> On the server machine, I appended the content of the public key to
> .ssh/authorized_keys
>
> I can successfully connect from the client to the server with that config.
>
> However, on the client-side, if I add a ~/.ssh/id_rsa.pub public key file
> that doesn't match the private key file ~/.ssh/id_rsa, it will fail with
> "Permission denied (publickey)."
>
> Error on the server-side (sshd logs):
>
> error: RSA_public_decrypt failed:
> error:0407006A:lib(4):func(112):reason(106)

ssh uses the public key to avoid loading or decrypting the private key for
cases where it isn't necessary. We should improve the handling of cases
where they don't match.

diff --git a/sshconnect2.c b/sshconnect2.c
index 1cf48a2..5a27392 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1243,6 +1243,14 @@ load_identity_file(Identity *id)
 			quit = 1;
 			break;
 		}
+		if (private != NULL && id->key != NULL &&
+		    !sshkey_equal(id->key, private)) {
+			error("Load key \"%s\": private key does not match "
+			    "public key", id->filename);
+			sshkey_free(private);
+			private = NULL;
+			quit = 1;
+		}
 		if (!quit && private != NULL && id->agent_fd == -1 &&
 		    !(id->key && id->isprivate))
 			maybe_add_key_to_agent(id->filename, private, comment,

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
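Review bot: the new error reports only `id->filename`, which is the private key path, while the mismatch the reporter hit came from a stale `~/.ssh/id_rsa.pub` sitting next to a valid `~/.ssh/id_rsa`; a user reading "Load key "~/.ssh/id_rsa": private key does not match public key" may go looking at the wrong file. Consider naming the public key file in the message as well, for example `"private key does not match public key file \"%s.pub\"", id->filename, id->filename`, since the `.pub` sibling is where `id->key` was loaded from. The guard `id->key != NULL` correctly limits the check to the case where a public key file was actually read, so an identity with no `.pub` file is unaffected; the `sshkey_free(private); private = NULL; quit = 1;` sequence also makes the following `maybe_add_key_to_agent` branch unreachable on mismatch, which is the desired behaviour.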
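The reply explains that ssh reads the `.pub` file so that it can avoid loading or decrypting the private key until it is needed, and the patch then compares the two once the private key is loaded. The same mismatch can be detected on the client without touching any secret material, because the `openssh-key-v1` private key container stores the public key in an unencrypted header. The following is an added example, not code from the thread or from OpenSSH: it parses that header, parses the `.pub` line, and compares the two public-key blobs. The key files are constructed in the script with dummy key material (they are not usable SSH keys), so the check runs offline.

```python
import base64
import struct
import textwrap

MAGIC = b"openssh-key-v1\x00"  # fixed prefix of the OpenSSH private key container


def _read_string(buf, off):
    # SSH wire "string": 4-byte big-endian length followed by that many bytes
    (n,) = struct.unpack(">I", buf[off:off + 4])
    return buf[off + 4:off + 4 + n], off + 4 + n


def _put_string(b):
    return struct.pack(">I", len(b)) + b


def public_blob_from_private(key_text):
    """Return the public-key blob stored unencrypted in an openssh-key-v1 file."""
    lines = key_text.strip().splitlines()
    if (lines[0] != "-----BEGIN OPENSSH PRIVATE KEY-----"
            or lines[-1] != "-----END OPENSSH PRIVATE KEY-----"):
        raise ValueError("not an OpenSSH private key file")
    raw = base64.b64decode("".join(lines[1:-1]))
    if not raw.startswith(MAGIC):
        raise ValueError("bad openssh-key-v1 magic")
    off = len(MAGIC)
    _cipher, off = _read_string(raw, off)     # e.g. "none" or "aes256-ctr"
    _kdf, off = _read_string(raw, off)        # e.g. "none" or "bcrypt"
    _kdfopts, off = _read_string(raw, off)
    (nkeys,) = struct.unpack(">I", raw[off:off + 4])
    off += 4
    if nkeys != 1:
        raise ValueError("expected exactly one key in container")
    pub_blob, off = _read_string(raw, off)    # plaintext even when the key is encrypted
    return pub_blob


def public_blob_from_pub_line(line):
    """Return the public-key blob from an authorized_keys / id_*.pub style line."""
    parts = line.split()
    blob = base64.b64decode(parts[1])
    key_type, _ = _read_string(blob, 0)       # blob starts with its own type string
    if key_type.decode() != parts[0]:
        raise ValueError("key type in text does not match type in blob")
    return blob


def keys_match(private_text, pub_line):
    """True if the .pub line describes the same key as the private key file."""
    return public_blob_from_private(private_text) == public_blob_from_pub_line(pub_line)


# ---- constructed sample data (dummy key material, not real keys) ----

def _ed25519_blob(key32):
    return _put_string(b"ssh-ed25519") + _put_string(key32)


def _pub_line(pub_blob):
    return "ssh-ed25519 " + base64.b64encode(pub_blob).decode() + " constructed@example"


def _make_private_key_text(pub_blob):
    # Assumed/constructed: an unencrypted ("none" cipher) container around pub_blob
    # with a dummy private section, padded to the 8-byte block size as OpenSSH does.
    checkints = struct.pack(">II", 0x12345678, 0x12345678)
    section = checkints + pub_blob + _put_string(b"\x00" * 64) + _put_string(b"constructed@example")
    rem = len(section) % 8
    if rem:
        section += bytes(range(1, 8 - rem + 1))
    raw = (MAGIC + _put_string(b"none") + _put_string(b"none") + _put_string(b"")
           + struct.pack(">I", 1) + _put_string(pub_blob) + _put_string(section))
    body = "\n".join(textwrap.wrap(base64.b64encode(raw).decode(), 70))
    return "-----BEGIN OPENSSH PRIVATE KEY-----\n" + body + "\n-----END OPENSSH PRIVATE KEY-----\n"


MATCHING_PUB_BLOB = _ed25519_blob(bytes(range(32)))
STALE_PUB_BLOB = _ed25519_blob(bytes(32))         # a different, stale key
PRIVATE_KEY_TEXT = _make_private_key_text(MATCHING_PUB_BLOB)
MATCHING_PUB_LINE = _pub_line(MATCHING_PUB_BLOB)  # what id_rsa.pub should contain
STALE_PUB_LINE = _pub_line(STALE_PUB_BLOB)        # the reporter's mismatched id_rsa.pub

if __name__ == "__main__":
    print("matching .pub :", keys_match(PRIVATE_KEY_TEXT, MATCHING_PUB_LINE))
    print("stale .pub    :", keys_match(PRIVATE_KEY_TEXT, STALE_PUB_LINE))
```

Because the comparison uses only the public section of the container, it works on passphrase-protected keys too, which is exactly the property ssh relies on when it reads `id_rsa.pub` first. A mismatch found this way points at the stale `.pub` on the client rather than at the `RSA_public_decrypt failed` line that sshd logs on the server.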