Bug 2897 - Short RSA key in RevokedKeys prevents everyone from logging in
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd
Version: 7.6p1
Hardware: Other Linux
Importance: P5 normal
Assignee: Damien Miller
Blocks: V_7_9
Reported: 2018-08-21 09:59 AEST by Colin Coghill
Modified: 2018-10-19 17:17 AEDT

Attachments
ignore invalid key length errors in sshkey_in_file() (1.04 KB, patch)
2018-09-21 13:32 AEST, Damien Miller
dtucker: ok+

Description Colin Coghill 2018-08-21 09:59:49 AEST
We make use of the RevokedKeys feature to list some old keys that we don't want people able to use any more. Included in this list are some RSA keys <1024 bits in length. They're insecure, which is why we revoke them explicitly.

When sshd tries to read the RevokedKeys file it errors on the short key and as a result refuses to let anyone log in. I presume this is related to such keys no longer being accepted for authentication.

7.5p1 works fine
7.6p1 errors

logs:

sshd[22012]: error: Error checking authentication key RSA SHA256:xxxxxxxxxxxxxxxxxxxxxx in revoked keys file /etc/ssh/revoked_keys: Invalid key length


We have fixed this for our case by removing the revoked short keys, but since the effect at the time was to lock us out of a server purely as a result of upgrading openssh-server, I wanted to make a note that it could be quite a bad situation for some folk.

Ideally having an unacceptable key in RevokedKeys shouldn't prevent all logins. It's a place where insecure keys *should* be listed.
Comment 1 Damien Miller 2018-09-21 13:32:31 AEST
Created attachment 3178
ignore invalid key length errors in sshkey_in_file()

This silently ignores SSH_ERR_KEY_LENGTH errors in sshkey_in_file().

This function is currently used in two places: revocation and listing CA keys.

Ignoring SSH_ERR_KEY_LENGTH is safe in the CA path because we'd never accept one of those keys as a CA key.

Ignoring the error in the revocation path is safe because we refuse those keys for authentication too. IMO it's worth allowing revoked keys lists with invalid short keys present as it supports sharing revocation lists between different OpenSSH versions (some of which may not ban short keys).
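
An added example (not part of this bug report or of OpenSSH): an audit of a text-format RevokedKeys file that reports RSA entries below 1024 bits, the kind of entry that produced the "Invalid key length" error above. It assumes one public key per line (not a binary KRL); the helper names are hypothetical and the sample entries are constructed in the code.

```python
import base64
import struct

MIN_RSA_BITS = 1024  # threshold from the report ("RSA keys <1024 bits")

def _field(buf, off):
    # One RFC 4251 length-prefixed field (string or mpint): (bytes, next offset).
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def rsa_modulus_bits(line):
    # Modulus size in bits for an ssh-rsa entry; None for other key types.
    fields = line.split()
    if "ssh-rsa" not in fields[:-1]:
        return None
    blob = base64.b64decode(fields[fields.index("ssh-rsa") + 1], validate=True)
    ktype, off = _field(blob, 0)
    if ktype != b"ssh-rsa":
        raise ValueError("key type mismatch inside blob")
    _e, off = _field(blob, off)      # public exponent
    n, _ = _field(blob, off)         # modulus
    return int.from_bytes(n, "big").bit_length()

def short_rsa_entries(lines, min_bits=MIN_RSA_BITS):
    # [(line number, bits)] for every RSA entry below min_bits.
    hits = []
    for no, line in enumerate(lines, 1):
        line = line.strip()
        if line and not line.startswith("#"):
            bits = rsa_modulus_bits(line)
            if bits is not None and bits < min_bits:
                hits.append((no, bits))
    return hits

def _mpint(v):
    raw = v.to_bytes(v.bit_length() // 8 + 1, "big")  # leading 0x00 keeps it positive
    return struct.pack(">I", len(raw)) + raw

def make_rsa_line(bits, comment):
    # Constructed sample entry: an odd number of the given size, not a usable key.
    blob = struct.pack(">I", 7) + b"ssh-rsa" + _mpint(65537) + _mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

SAMPLE = ["# constructed revoked_keys content", make_rsa_line(768, "old-laptop"),
          make_rsa_line(2048, "leaked-deploy-key")]

if __name__ == "__main__":
    print(short_rsa_entries(SAMPLE))  # [(2, 768)]
```

To audit a real file, pass its lines to `short_rsa_entries()`; the path in the log line above, /etc/ssh/revoked_keys, is the reporter's setting.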
Comment 2 Damien Miller 2018-09-21 22:20:43 AEST
Fix committed, this will be in the openssh-7.9 release
Comment 3 Damien Miller 2018-10-19 17:17:23 AEDT
Close RESOLVED bugs with the release of openssh-8.0