Comment 0 for bug 1952421

Utkarsh Gupta (utkarsh) wrote :

Reported as https://bugzilla.mindrot.org/show_bug.cgi?id=3254 upstream:

Please take a look at line 1936 in main() function in sshd.c.

	/* Find matching private key */
	for (j = 0; j < options.num_host_key_files; j++) {
		if (sshkey_equal_public(key,
		    sensitive_data.host_keys[j])) {
			sensitive_data.host_certificates[j] = key;
			break;
		}
	}

The sshkey_equal_public() call is trying to compare a cert's pub with a private key, and it never finds a match, which means sshd cannot use this certificate even though its private key is in ssh-agent.
I believe it should be comparing a cert's public key with a public key in sensitive_data, as follows.

	/* Find matching private key */
	for (j = 0; j < options.num_host_key_files; j++) {
		if (sshkey_equal_public(key,
		    sensitive_data.host_pubkeys[j])) {
			sensitive_data.host_certificates[j] = key;
			break;
		}
	}

https://github.com/openssh/openssh-portable/blob/V_8_4/sshd.c#L1936

Due to this, HostCertificate and HostKeyAgent do not work together in sshd, and this affects every version of OpenSSH back to Focal, at least.
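
The following self-contained C model is an added illustration, not code from the report or from OpenSSH. It runs the loop from the report against both arrays to show why the certificate for an agent-held key is never matched. It assumes that an agent-backed host key leaves its host_keys slot empty (NULL) while its host_pubkeys slot is populated; struct model_key, the function names and the key bytes are hypothetical, constructed stand-ins.

```c
#include <stdio.h>
#include <string.h>

#define NUM_HOST_KEY_FILES 2

/* Simplified stand-in for struct sshkey: only what the comparison needs. */
struct model_key {
	int type;              /* key algorithm id (constructed value) */
	unsigned char pub[4];  /* public part (constructed bytes) */
};

/* Stand-in for sshkey_equal_public(): a missing key never matches. */
static int model_equal_public(const struct model_key *a,
    const struct model_key *b)
{
	if (a == NULL || b == NULL || a->type != b->type)
		return 0;
	return memcmp(a->pub, b->pub, sizeof(a->pub)) == 0;
}

/* The loop from the report, parameterised on the array it searches.
 * Returns the slot the certificate would be attached to, or -1. */
static int find_cert_slot(const struct model_key *cert_pub,
    const struct model_key *const *keys)
{
	int j;

	for (j = 0; j < NUM_HOST_KEY_FILES; j++) {
		if (model_equal_public(cert_pub, keys[j]))
			return j;
	}
	return -1;
}

/* Constructed state: slot 0 has its private key on disk, slot 1 is held
 * by the agent, so (by assumption) only its public half is loaded. */
static const struct model_key k0 = { 1, { 0x01, 0x02, 0x03, 0x04 } };
static const struct model_key k1 = { 2, { 0xaa, 0xbb, 0xcc, 0xdd } };
static const struct model_key *const host_keys[NUM_HOST_KEY_FILES] = { &k0, NULL };
static const struct model_key *const host_pubkeys[NUM_HOST_KEY_FILES] = { &k0, &k1 };

int main(void)
{
	printf("agent key cert vs host_keys:    %d\n", find_cert_slot(&k1, host_keys));
	printf("agent key cert vs host_pubkeys: %d\n", find_cert_slot(&k1, host_pubkeys));
	printf("disk key cert vs host_keys:     %d\n", find_cert_slot(&k0, host_keys));
	return 0;
}
```

In this model the on-disk key matches in either array, which is why the mismatch only shows up when the private key lives in the agent.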