https://bugzilla.mindrot.org/show_bug.cgi?id=2331
--- Comment #4 from Thomas Waldmann <[email protected]> ---
And this is why the magic in ssh-copy-id (which I removed in the patch I linked to) does not work, I used the same command as in the ssh-copy-id magic:

$ ssh -v -i .ssh/tw_rsa4096_2015.pub -o PreferredAuthentications=publickey -o IdentitiesOnly=yes bugtest@localhost exit
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /home/tw/.ssh/config
debug1: /home/tw/.ssh/config line 37: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: identity file .ssh/tw_rsa4096_2015.pub type 1
debug1: identity file .ssh/tw_rsa4096_2015.pub-cert type -1
debug1: identity file /home/tw/.ssh/tw_rsa4096_2015 type 1
debug1: identity file /home/tw/.ssh/tw_rsa4096_2015-cert type -1
debug1: identity file /home/tw/.ssh/tw_rsa_2008 type 1
debug1: identity file /home/tw/.ssh/tw_rsa_2008-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: match: OpenSSH_6.6.1p1 Ubuntu-2ubuntu2 pat OpenSSH_6.6.1* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client [email protected] <implicit> none
debug1: kex: client->server [email protected] <implicit> none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: RSA a1:27:ba:68:70:26:fe:47:dd:96:0e:7c:b8:63:43:6f
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /home/tw/.ssh/known_hosts:938
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
XXX debug1: Offering RSA public key: /home/tw/.ssh/tw_rsa_2008
XXX debug1: Server accepts key: pkalg ssh-rsa blen 277
XXX debug1: Authentication succeeded (publickey).
Authenticated to localhost ([127.0.0.1]:22).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending command: exit
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype [email protected] reply 0
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 2344, received 2340 bytes, in 0.0 seconds
Bytes per second: sent 807179.7, received 805802.2
debug1: Exit status 0
$ echo $?
0

See the 3 lines I marked with XXX - it gets in using the old key.

So the magic is using a wrong assumption (that not getting in means the identity given with -i is still missing on the remote and that getting in means the identity given with -i is already present on the remote), see also what I said in the first post.
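
The check below is an added example, not part of the original comment and not ssh-copy-id code: instead of trusting the exit status of the probe login, it reads the `ssh -v` debug output and reports which key was actually accepted. The function names are hypothetical, the sample input is an excerpt of the log quoted above, and comparing key file basenames is a simplifying assumption.

```shell
#!/bin/sh
# Added example, not ssh-copy-id code. Function names are hypothetical.

# Print the path of the key offered last before publickey authentication
# succeeded, reading `ssh -v` debug output on stdin. Exit 1 if no success.
authenticated_key() {
    awk '
        /debug1: Offering .*public key: / {
            sub(/^.*public key: /, "")
            offered = $1      # assumes the key path contains no spaces
            next
        }
        /debug1: Authentication succeeded \(publickey\)/ {
            print offered
            found = 1
            exit
        }
        END { if (!found) exit 1 }
    '
}

# key_matches_identity IDENTITY: succeed only if the accepted key is the one
# named by IDENTITY (private key path or its .pub file). Returns 2 when the
# log shows no publickey success. Basename comparison is an assumption.
key_matches_identity() {
    want=${1%.pub}
    got=$(authenticated_key) || return 2
    [ "${got##*/}" = "${want##*/}" ]
}

# Excerpt of the debug log quoted in the comment (ssh writes it to stderr,
# so a live run would need `ssh -v ... 2>&1`).
sample_log() {
    cat <<'EOF'
debug1: identity file .ssh/tw_rsa4096_2015.pub type 1
debug1: identity file /home/tw/.ssh/tw_rsa_2008 type 1
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/tw/.ssh/tw_rsa_2008
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: Authentication succeeded (publickey).
debug1: Exit status 0
EOF
}

if sample_log | key_matches_identity .ssh/tw_rsa4096_2015.pub; then
    echo "requested identity is already installed"
else
    echo "logged in with $(sample_log | authenticated_key), not the requested identity"
fi
```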
