https://bugzilla.mindrot.org/show_bug.cgi?id=2737
--- Comment #4 from [email protected] --- thanks, i apply this patch and it will report error if mismatched but not try private again, and add some code to fix it and works. a/sshconnect2.c ssherr.h --------------- #define SSH_ERR_CONN_CORRUPT -54 #define SSH_ERR_PROTOCOL_ERROR -55 + #define SSH_ERR_KEY_RETRY_PRIVATE -56 /* Translate a numeric error code to a human-readable error string */ const char *ssh_err(int n); ssherr.c --------------- case SSH_ERR_PROTOCOL_ERROR: return "Protocol error"; + case SSH_ERR_KEY_RETRY_PRIVATE: + return "Key retry private"; default: return "unknown error"; ssconnect2.c --------------- /* load the private key from the file */ if ((prv = load_identity_file(id)) == NULL) return SSH_ERR_KEY_NOT_FOUND; + if (id->key != NULL && !sshkey_equal_public(prv, id->key)) { + error("%s: private key %s contents do not match public, try again with private key", + __func__, id->filename); + return SSH_ERR_KEY_RETRY_PRIVATE; + } ret = sshkey_sign(prv, sigp, lenp, data, datalen, key_sign_encode(prv), compat); sshkey_free(prv); ... ret = identity_sign(id, &signature, &slen, buffer_ptr(&b), buffer_len(&b), datafellows); if (ret != 0) { if (ret != SSH_ERR_KEY_NOT_FOUND) error("%s: signing failed: %s", __func__, ssh_err(ret)); + if (ret == SSH_ERR_KEY_RETRY_PRIVATE) { + id->tried = 0; + key_free(id->key); + id->key = NULL; + TAILQ_REMOVE(&authctxt->keys, id, next); + TAILQ_INSERT_HEAD(&authctxt->keys, id, next); } free(blob); buffer_free(&b); -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
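Review bot: The added mismatch branch after `load_identity_file(id)` returns `SSH_ERR_KEY_RETRY_PRIVATE` without releasing `prv`; the only `sshkey_free(prv)` visible sits after `sshkey_sign`, so on this path the loaded private key stays allocated in the client, and the branch should call `sshkey_free(prv);` before the `return`. In the caller fragment, the new `if (ret == SSH_ERR_KEY_RETRY_PRIVATE) {` has no added closing brace as posted, so the braces around `free(blob)` do not balance. The existing `if (ret != SSH_ERR_KEY_NOT_FOUND)` guard also still logs "signing failed" for the retry code, on top of the new mismatch message; `if (ret != SSH_ERR_KEY_NOT_FOUND && ret != SSH_ERR_KEY_RETRY_PRIVATE)` would avoid the double report. The requeue through `TAILQ_REMOVE`/`TAILQ_INSERT_HEAD` changes `authctxt->keys` while the caller is presumably iterating over it; that cannot be checked here because both fragments are excerpts whose enclosing functions start and end outside the posted text.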
