Bug#633368: ssh hostbased authentication fails when ECDSA keys are available
Package: openssh-client
Version: 1:5.8p1-4
Severity: normal
If I have hostbased authentication enabled and attempt to ssh to another
system, hostbased authentication always fails and falls back to password
authentication.
If I remove /etc/ssh/ssh_host_ecdsa_key* and try again, everything works.
I found this bug report from Feb 2011:
http://lists.mindrot.org/pipermail/openssh-bugs/2011-February/010105.html
Apparently, this is fixed in 5.9 which debian does not appear to have yet.
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.39 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Versions of packages openssh-client depends on:
ii adduser 3.112+nmu2 add and remove users and groups
ii debconf [debconf-2.0 1.5.39 Debian configuration management sy
ii dpkg 1.16.0.3 Debian package management system
ii libc6 2.13-4 Embedded GNU C Library: Shared lib
ii libedit2 2.11-20080614-2 BSD editline and history libraries
ii libgssapi-krb5-2 1.9.1+dfsg-1+b1 MIT Kerberos runtime libraries - k
ii libselinux1 2.0.98-1+b1 SELinux runtime shared libraries
ii libssl1.0.0 1.0.0d-2 SSL shared libraries
ii passwd 1:4.1.4.2+svn3283-3 change and administer password and
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
Versions of packages openssh-client recommends:
ii openssh-blacklist 0.4.1 list of default blacklisted OpenSS
ii xauth 1:1.0.5-1 X authentication utility
-- Configuration Files:
/etc/ssh/ssh_config changed [not included]
-- no debconf information
Reply to: