https://bugzilla.mindrot.org/show_bug.cgi?id=2617
Adam Eijdenberg <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected]

--- Comment #4 from Adam Eijdenberg <[email protected]> ---
I found this bug after preparing a similar patch (including tests).

Although the patch provided here is simpler, it fails when using the new CertificateFile configuration line (which was introduced in the commit that broke the old behaviour).

e.g. the following config:

CertificateFile /Users/aeijdenberg/.ssh/id_androgogic_shortlived_rsa-cert.pub
IdentityFile /Users/aeijdenberg/.ssh/id_androgogic_shortlived_rsa

debug1: Offering RSA-CERT public key: /Users/aeijdenberg/.ssh/id_androgogic_shortlived_rsa-cert.pub
debug1: Server accepts key: pkalg [email protected] blen 1540
debug1: sign_and_send_pubkey: no separate private key for certificate "/Users/aeijdenberg/.ssh/id_androgogic_shortlived_rsa-cert.pub"
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/Users/aeijdenberg/.ssh/id_androgogic_shortlived_rsa-cert.pub' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "/Users/aeijdenberg/.ssh/id_androgogic_shortlived_rsa-cert.pub": bad permissions
debug1: Trying private key: /Users/aeijdenberg/.ssh/id_androgogic_shortlived_rsa
debug1: Authentications that can continue: publickey,password
debug1: No more authentication methods to try.
Permission denied (publickey,password).

(and just changing the permissions didn't seem to help, it instead prompted me for a password for the cert file, which doesn't need one)

Commenting out the explicit reference in config to CertificateFile makes it work again.

Here is the alternate patch I had put together - it includes tests, and also addresses a few other somewhat related issues:

https://github.com/openssh/openssh-portable/pull/53
