Bug 1747 - AuthorizedKeysFile not working as advertised
Summary: AuthorizedKeysFile not working as advertised
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd (show other bugs)
Version: 5.4p1
Hardware: Other Linux
: P2 major
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks: V_5_5
  Show dependency treegraph
 
Reported: 2010-03-30 13:09 AEDT by David Pflug
Modified: 2010-04-16 15:50 AEST (History)
2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description David Pflug 2010-03-30 13:09:07 AEDT 
In the upgrade from 5.3 to 5.4, my pubkey authentication stopped working. I investigated and found this in the logs:

Mar 29 19:46:42 dpflug-desktop sshd[18203]: debug1: trying public key file //.ssh/authorized_keys

That's the only place it checks for authorized_keys.

I asked in #openssh and was told that commenting out AuthorizedKeysFile in the config has helped some people.

In the sshd_config man page, it states:
After expansion, AuthorizedKeysFile is taken to be an absolute path or one relative to the user's home directory.  The default is ``.ssh/authorized_keys''.

I have "AuthorizedKeysFile .ssh/authorized_keys" in my sshd_config, but it's not working. Commenting it out did help:

Mar 29 19:52:12 dpflug-desktop sshd[18323]: debug1: matching key found: file /home/dpflug/.ssh/authorized_keys, line 1
Comment 1 Darren Tucker 2010-04-09 10:42:09 AEST 
Thanks for the report.  This has been fixed and will be in the 5.5p1 release.  You can confirm by trying a recent snapshot (http://www.mindrot.org/openssh_snap/).

You can work around it commenting it out (as you noted) or by using "%h" to explicitly specify the user's home directory, eg:

AuthorizedKeysFile %h/.ssh/authorized_keys
Comment 2 Damien Miller 2010-04-16 15:50:37 AEST 
Mass move of bugs RESOLVED->CLOSED following the release of openssh-5.5p1