Bug 290

Summary: auth_method set incorrectly in mm_answer_keyverify()
Product: Portable OpenSSH Reporter: halley
Component: sshdAssignee: OpenSSH Bugzilla mailing list <openssh-bugs>
Status: CLOSED DUPLICATE    
Severity: major    
Priority: P2    
Version: -current   
Hardware: ix86   
OS: Linux   

Description halley 2002-06-25 17:01:19 AEST 
Some friends pointed out some logging weirdness with OpenSSH 3.3;
I check it out on my system and saw the same thing.  It says:

sshd[24182]: Accepted hostbased for halley from 127.0.0.1 port 52472 ssh2

even though it was using publickey authentication (and tracing via the 
client verifies that the publickey was used).  Hostbased authentication is 
disabled in my config file.

Figuring this was a logging bug, I went hunting in the code.  In 
mm_answer_keyverify() is the line:

auth_method = key_blobtype == MM_USERKEY ? "publickey" : "hostbased";

But this line occurs *after* the call to monitor_reset_key_state(), which
sets key_blobtype to MM_NOKEY.

Moving the auth_method assignment before the call to 
monitor_reset_key_state() fixed the problem.  I don't think anything else 
bad happens because of this bug, but I don't know the code well enough to 
be sure.  I also don't think there are any side effects from moving the
assignment, but again, I can't be certain.

Keep up the good work on OpenSSH!

/Bob
Comment 1 Kevin Steves 2002-06-26 03:52:10 AEST 
already fixed

*** This bug has been marked as a duplicate of 284 ***
Comment 2 Damien Miller 2004-04-14 12:24:18 AEST 
Mass change of RESOLVED bugs to CLOSED