Bug#599017: openssh-client: Global "User" setting in .ssh/config fails
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: Bug#599017: openssh-client: Global "User" setting in .ssh/config fails
- From: Bart Massey <bart@po8.org>
- Date: Sun, 03 Oct 2010 12:13:49 -0700
- Message-id: <20101003191349.19809.14794.reportbug@localhost.localdomain>
- Reply-to: Bart Massey <bart@po8.org>, 599017@bugs.debian.org
Package: openssh-client
Version: 1:5.5p1-5
Severity: normal
Tags: upstream
To save typing, my .ssh/config started with "User = bart",
which was intended to apply globally unless overriden by the
"User" setting for a particularly connection. Although I
may be mistaken, I think the manual implies that this is
supposed to work.
Sadly, it doesn't; with this configuration, when publickey
authentication fails, rather than fall back to password
authentication the client simply repeatedly sends some bogus
public key until the server dies. Here's a trace:
OpenSSH_5.5p1 Debian-5, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /home/bart/.ssh/config
debug1: Applying options for test
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to bartfan.po8.org [192.168.1.7] port 22.
debug1: Connection established.
debug1: identity file /home/bart/.ssh/id-rsa-test type 1
debug1: Checking blacklist file /usr/share/ssh/blacklist.RSA-4096
debug1: Checking blacklist file /etc/ssh/blacklist.RSA-4096
debug1: identity file /home/bart/.ssh/id-rsa-test-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5p1 Debian-5
debug1: match: OpenSSH_5.5p1 Debian-5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.5p1 Debian-5
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'bartfan.po8.org' is known and matches the RSA host key.
debug1: Found key in /home/bart/.ssh/known_hosts:59
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/bart/.ssh/id-rsa-test
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: bart@bartfan
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: bart@bartfan
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: bart@bartfan
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: bart@bartfan
debug1: Authentications that can continue: publickey,password
debug1: Offering public key: bart@bartfan
Received disconnect from 192.168.1.7: 2: Too many authentication failures for bart
Moving the "User" option to be private to each connection in
the config file seems to solve the problem.
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (950, 'testing'), (650, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash
Versions of packages openssh-client depends on:
ii adduser 3.112 add and remove users and groups
ii debconf [debconf-2.0] 1.5.33 Debian configuration management sy
ii dpkg 1.15.7.2 Debian package management system
ii libc6 2.11.2-2 Embedded GNU C Library: Shared lib
ii libedit2 2.11-20080614-1 BSD editline and history libraries
ii libgssapi-krb5-2 1.8.1+dfsg-5 MIT Kerberos runtime libraries - k
ii libssl0.9.8 0.9.8o-1 SSL shared libraries
ii passwd 1:4.1.4.2-1 change and administer password and
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
Versions of packages openssh-client recommends:
ii openssh-blacklist 0.4.1 list of default blacklisted OpenSS
ii openssh-blacklist-extra 0.4.1 list of non-default blacklisted Op
ii xauth 1:1.0.4-1 X authentication utility
Versions of packages openssh-client suggests:
pn keychain <none> (no description available)
pn libpam-ssh <none> (no description available)
ii ssh-askpass 1:1.2.4.1-9 under X, asks user for a passphras
-- Configuration Files:
/etc/ssh/ssh_config changed:
Host *
ForwardX11 = yes
CheckHostIP = no
StrictHostKeyChecking = no
SendEnv = LANG LC_*
HashKnownHosts = no
-- no debconf information
Reply to: