Bugzilla – Attachment 3385 Details for
Bug 3153
Prefer user specified keys to avoid the agent overloading MaxAuthTries before even trying the key that was specified
[patch]
RFC patch to start the discussion
0001-offer-user-specified-key-first.patch (text/plain), 1.81 KB, created by
Christian Ehrhardt
on 2020-04-23 16:36:34 AEST
>From 7f3ca5f022c6bde3e86d1d297b6177a6561d0fef Mon Sep 17 00:00:00 2001 >From: Christian Ehrhardt <christian.ehrhardt@canonical.com> >Date: Thu, 23 Apr 2020 08:29:41 +0200 >Subject: [PATCH] offer user specified key first > >There is a quite common issue that a long list of keys in the agent >leads to exceeding the servers MaxAuthTrie. >In that case a user can set -i to a new key and still is denied. >To fix that it seems reasonable to always prefer explicitly set keys. > >Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com> >--- > sshconnect2.c | 16 ++++++++++------ > 1 file changed, 10 insertions(+), 6 deletions(-) > >diff --git a/sshconnect2.c b/sshconnect2.c >index 1a6545edf..13808368d 100644 >--- a/sshconnect2.c >+++ b/sshconnect2.c >@@ -1549,11 +1549,12 @@ key_type_allowed_by_config(struct sshkey *key) > > /* > * try keys in the following order: >- * 1. certificates listed in the config file >- * 2. other input certificates >- * 3. agent keys that are found in the config file >- * 4. other agent keys >- * 5. keys that are only listed in the config file >+ * 1. keys directly provided by the user >+ * 2. certificates listed in the config file >+ * 3. other input certificates >+ * 4. agent keys that are found in the config file >+ * 5. other agent keys >+ * 6. keys that are only listed in the config file > */ > static void > pubkey_prepare(Authctxt *authctxt) >@@ -1689,7 +1690,10 @@ pubkey_prepare(Authctxt *authctxt) > /* append remaining keys from the config file */ > for (id = TAILQ_FIRST(&files); id; id = TAILQ_FIRST(&files)) { > TAILQ_REMOVE(&files, id, next); >- TAILQ_INSERT_TAIL(preferred, id, next); >+ if (id->userprovided) >+ TAILQ_INSERT_HEAD(preferred, id, next); >+ else >+ TAILQ_INSERT_TAIL(preferred, id, next); > } > /* finally, filter by PubkeyAcceptedKeyTypes */ > TAILQ_FOREACH_SAFE(id, preferred, next, id2) { >-- >2.26.0 >
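Review bot: In the first hunk (the ordering comment above pubkey_prepare), the new item "1. keys directly provided by the user" promises more than the code change delivers. The only behavioural change in this patch is in the final loop over the remaining `files` entries, so a user-provided identity that was already consumed by an earlier step (for example as a certificate, or as an agent key that is also found in the config file) stays at its old position. Either reword item 1 to say it covers user-provided keys that were not matched by steps 2 to 5, or move the promotion so that it really runs first. The diffstat shows only sshconnect2.c changed; if the order in which -i keys are offered changes, the manual text describing -i and identity selection should be updated in the same patch.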
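Review bot: In the second hunk, calling TAILQ_INSERT_HEAD inside the loop that drains `files` from the front reverses the relative order of user-provided keys: with two such entries, the second one taken from `files` ends up ahead of the first. If the user supplies several keys, the one given first would then be tried last among them, which can again run into the server's MaxAuthTries limit that this change is meant to avoid. Consider remembering the last user-provided entry that was inserted and using TAILQ_INSERT_AFTER for the following ones, or collecting user-provided entries in a separate pass so their original order is kept. The comment "append remaining keys from the config file" above the loop also no longer describes what the loop does and should be updated.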
Attachments on bug 3153: 3385 | 3387