Public bug reported:
Ubuntu 14.04.1 LTS
openssh-client 1:6.6p1-2ubuntu2
We have HostbasedAuthentication set up in our environment so that users
can ssh between equivalent hosts without a password.
ssh_config contains (relevantly)
HostbasedAuthentication yes
PreferredAuthentications publickey,hostbased,password,keyboard-interactive
EnableSSHKeysign yes
sshd_config contains (relevantly)
HostbasedAuthentication yes
This works:
ocelot:~$ ssh othermc
othermc:~$
However, ssh-ing as an alternative user produces additional warning
messages before the expected password prompt:
ocelot:~$ ssh otheruser@othermc
no matching hostkey found
ssh_keysign: no reply
key_sign failed
otheruser@othermc's password:
If instead of relying on EnableSSHKeysign in ssh_config I make the ssh
binary setuid:
chmod u+s /usr/bin/ssh
...the extra warnings go away and I get what I expect:
ocelot:~$ ssh otheruser@othermc
otheruser@othermc's password:
This makes me suspect that there may be a problem with ssh-keysign.
** Affects: openssh (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1389167
Title:
HostbasedAuthentication produces spurious warnings
Status in “openssh” package in Ubuntu:
New
Bug description:
Ubuntu 14.04.1 LTS
openssh-client 1:6.6p1-2ubuntu2
We have HostbasedAuthentication set up in our environment so that
users can ssh between equivalent hosts without a password.
ssh_config contains (relevantly)
HostbasedAuthentication yes
PreferredAuthentications publickey,hostbased,password,keyboard-interactive
EnableSSHKeysign yes
sshd_config contains (relevantly)
HostbasedAuthentication yes
This works:
ocelot:~$ ssh othermc
othermc:~$
However, ssh-ing as an alternative user produces additional warning
messages before the expected password prompt:
ocelot:~$ ssh otheruser@othermc
no matching hostkey found
ssh_keysign: no reply
key_sign failed
otheruser@othermc's password:
If instead of relying on EnableSSHKeysign in ssh_config I make the ssh
binary setuid:
chmod u+s /usr/bin/ssh
...the extra warnings go away and I get what I expect:
ocelot:~$ ssh otheruser@othermc
otheruser@othermc's password:
This makes me suspect that there may be a problem with ssh-keysign.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1389167/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
