Bug 3254

Summary:

Issue on sshd finds correct private key for a certificate when using ssh-agent

Product:

Portable OpenSSH

Reporter:

Miles Zhou <zhouyc.cc>

Component:

sshd

Assignee:

Damien Miller <djm>

Status:

CLOSED FIXED

Severity:

normal

CC:

djm, dtucker

Priority:

Version:

8.4p1

Hardware:

Other

OS:

Linux

Bug Depends on:

Bug Blocks:

3302

Attachments:

Description	Flags
check certificate against host public keys	dtucker: ok+

Description Miles Zhou 2021-01-23 05:08:54 AEDT

Please take a look at line 1936 in main() function in sshd.c. 

/* Find matching private key */
	for (j = 0; j < options.num_host_key_files; j++) {
		if (sshkey_equal_public(key,
			sensitive_data.host_keys[j])) {
			sensitive_data.host_certificates[j] = key;
				break;
			}
	}

the sshkey_equal_public() is trying to compare a cert's pub with a private key, and it never find a match which makes sshd cannot use this certificate even though its private key is in ssh-agent.
I believe it should be comparing a cert's public key with a public key in sensitive_data as follow.

/* Find matching private key */
	for (j = 0; j < options.num_host_key_files; j++) {
		if (sshkey_equal_public(key,
			sensitive_data.host_pubkeys[j])) {
			sensitive_data.host_certificates[j] = key;
				break;
			}
	}

https://github.com/openssh/openssh-portable/blob/V_8_4/sshd.c#L1936

Comment 1 Damien Miller 2021-06-04 13:26:09 AEST

Created attachment 3526 [details]
check certificate against host public keys

Comment 2 Damien Miller 2021-06-06 21:35:51 AEST

Thanks - this has been committed as 530739d4 and will be in the next OpenSSH release

Comment 3 Damien Miller 2022-02-25 13:59:06 AEDT

closing bugs resolved before openssh-8.9