ssh client not using correct identity key

Bug #271184 reported by Niall Parker
This bug affects 2 people
Affects: openssh (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned
Milestone: -

Bug Description

Binary package hint: openssh-client

After a recent upgrade to 8.04 from 7.10, I noticed that I no longer had shell access to one of our servers. Using the same keys works fine in OpenSSH_4.6p1 Debian-5ubuntu0.5, OpenSSL 0.9.8e 23 Feb 2007 (from ssh -v), but using the default with 8.04 (OpenSSH_4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 19 Oct 2007), the client will not use an alternate identity file (either specified in .ssh/config or via the -i command line flag).

This only occurs if the default id_dsa key file exists in .ssh ... renaming it to id_dsa_old eliminates the problem. It appears the client is using the default file name in precedence over the config and command line options.

To recreate:
1. create two key pairs and copy to server
2. restrict one of the keys (in this case I had command="/usr/bin/cvs server")
3. try connecting with both keys and note expected behaviour (default shell and restricted to cvs)
4. rename restricted key to 'id_dsa' and try both keys again via -i option
*** restricted key will be used despite -i option

Workaround: don't have default 'id_dsa' for key filename

Randy Slzlr (ubuntu-bug-data-warp) wrote :

Could this be related to 302252, which I reported last week?
Similarities include: 1) ssh uses the wrong "-i id_rsa-..." key, 2) noticed shortly after upgrade.

I'm using id_rsa, instead of id_dsa. Unlike this bug, the workaround (removing the default key) does not work.

Kees Cook (kees) wrote :

Is this still a problem now that bug 275010 is fixed?

Changed in openssh (Ubuntu):
status: New → Incomplete
Chuck Short (zulcss) wrote :

We'd like to figure out what's causing this bug for you, but we haven't heard back from you in a while. Could you please provide the requested information? Thanks!

Niall Parker (stuff-npengineering) wrote : Re: [Bug 271184] Re: ssh client not using correct identity key

Chuck Short wrote:
> We'd like to figure out what's causing this bug for you, but we haven't
> heard back from you in a while. Could you please provide the requested
> information? Thanks!
>

I responded to your last (automatic?) query, and yes, the problem is
still present on my system (naturally as any bug fixes haven't (yet)
been backported to 8.04 LTS)

     ... Niall

Chuck Short (zulcss)
Changed in openssh (Ubuntu):
status: Incomplete → Confirmed
Varspigil (varspigil) wrote :

I can provide further information on this bug as well.

Apparently the settings in ssh_config on the client machine are ignored and the OpenSSH client continues using id_rsa to search for key authentication.

If you run the client connection using the verbose switch, you'll see it.
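
The verbose-output check mentioned above can be scripted. This is an added example, not part of the bug report or of OpenSSH: it reads `ssh -v` output and reports which key file the server accepted, so a mismatch with the key passed via -i (and with it the authorized_keys restrictions that apply to the session) is caught. The sample log, user name and paths are constructed, and the debug line formats are an assumption about the client's output.

```shell
#!/bin/sh
# Added example: find out which key an ssh client really authenticated with.

# Constructed sample of `ssh -v -i ~/.ssh/id_dsa_shell ...` debug output
# (not captured from the reporter's system; user and paths are made up).
SAMPLE_LOG='debug1: identity file /home/alice/.ssh/id_dsa_shell type 2
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/alice/.ssh/id_dsa
debug1: Server accepts key: pkalg ssh-dss blen 433
debug1: Authentication succeeded (publickey).'

# offered_keys: print every key path the client offered, in order.
# Accepts "Offering public key: PATH" and "Offering RSA public key: PATH".
# Assumes key paths contain no spaces.
offered_keys() {
    awk '/^debug1: Offering / {
        if (sub(/^debug1: Offering ([A-Za-z0-9-]+ )?public key: /, "")) print $1
    }'
}

# accepted_key: print the key the server accepted, i.e. the last key
# offered before the first "Server accepts key" line.
accepted_key() {
    awk '/^debug1: Offering / {
             if (sub(/^debug1: Offering ([A-Za-z0-9-]+ )?public key: /, "")) last = $1
         }
         /^debug1: Server accepts key/ { print last; exit }'
}

# check_identity EXPECTED_PATH: read `ssh -v` output on stdin and succeed
# only if the accepted key is the one that was requested.
check_identity() {
    expected=$1
    got=$(accepted_key)
    if [ "$got" = "$expected" ]; then
        echo "ok: server accepted $got"
        return 0
    fi
    echo "MISMATCH: requested $expected, server accepted ${got:-<none>}" >&2
    return 1
}

# Usage against a live connection (user@host is a placeholder):
#   ssh -v -i ~/.ssh/id_dsa_shell user@host true 2>&1 |
#       check_identity "$HOME/.ssh/id_dsa_shell"
```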
