Package: openssh-client Version: 1:5.5p1-5 Severity: normal Tags: upstream
To save typing, my .ssh/config started with "User = bart", which was intended to apply globally unless overriden by the "User" setting for a particularly connection. Although I may be mistaken, I think the manual implies that this is supposed to work. Sadly, it doesn't; with this configuration, when publickey authentication fails, rather than fall back to password authentication the client simply repeatedly sends some bogus public key until the server dies. Here's a trace: OpenSSH_5.5p1 Debian-5, OpenSSL 0.9.8o 01 Jun 2010 debug1: Reading configuration data /home/bart/.ssh/config debug1: Applying options for test debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to bartfan.po8.org [192.168.1.7] port 22. debug1: Connection established. debug1: identity file /home/bart/.ssh/id-rsa-test type 1 debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-4096 debug1: Checking blacklist file /etc/ssh/blacklist.RSA-4096 debug1: identity file /home/bart/.ssh/id-rsa-test-cert type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1 Debian-5 debug1: match: OpenSSH_5.5p1 Debian-5 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_5.5p1 Debian-5 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-ctr hmac-md5 none debug1: kex: client->server aes128-ctr hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host 'bartfan.po8.org' is known and matches the RSA host key. debug1: Found key in /home/bart/.ssh/known_hosts:59 debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: Roaming not allowed by server debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password debug1: Next authentication method: publickey debug1: Offering public key: /home/bart/.ssh/id-rsa-test debug1: Authentications that can continue: publickey,password debug1: Offering public key: b...@bartfan debug1: Authentications that can continue: publickey,password debug1: Offering public key: b...@bartfan debug1: Authentications that can continue: publickey,password debug1: Offering public key: b...@bartfan debug1: Authentications that can continue: publickey,password debug1: Offering public key: b...@bartfan debug1: Authentications that can continue: publickey,password debug1: Offering public key: b...@bartfan Received disconnect from 192.168.1.7: 2: Too many authentication failures for bart Moving the "User" option to be private to each connection in the config file seems to solve the problem. -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (950, 'testing'), (650, 'unstable'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/bash Versions of packages openssh-client depends on: ii adduser 3.112 add and remove users and groups ii debconf [debconf-2.0] 1.5.33 Debian configuration management sy ii dpkg 1.15.7.2 Debian package management system ii libc6 2.11.2-2 Embedded GNU C Library: Shared lib ii libedit2 2.11-20080614-1 BSD editline and history libraries ii libgssapi-krb5-2 1.8.1+dfsg-5 MIT Kerberos runtime libraries - k ii libssl0.9.8 0.9.8o-1 SSL shared libraries ii passwd 1:4.1.4.2-1 change and administer password and ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime Versions of packages openssh-client recommends: ii openssh-blacklist 0.4.1 list of default blacklisted OpenSS ii openssh-blacklist-extra 0.4.1 list of non-default blacklisted Op ii xauth 1:1.0.4-1 X authentication utility Versions of packages openssh-client suggests: pn keychain <none> (no description available) pn libpam-ssh <none> (no description available) ii ssh-askpass 1:1.2.4.1-9 under X, asks user for a passphras -- Configuration Files: /etc/ssh/ssh_config changed: Host * ForwardX11 = yes CheckHostIP = no StrictHostKeyChecking = no SendEnv = LANG LC_* HashKnownHosts = no -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org