Bug#633368: marked as done (ssh hostbased authentication fails when ECDSA keys are available )

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Sun, 24 Jul 2011 10:32:25 +0000
with message-id <E1Qkvyz-0008Ry-Dt@franck.debian.org>
and subject line Bug#633368: fixed in openssh 1:5.8p1-5
has caused the Debian Bug report #633368,
regarding ssh hostbased authentication fails when ECDSA keys are available 
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
633368: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633368
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: ssh hostbased authentication fails when ECDSA keys are available
• From: Wakko Warner <wakko@animx.eu.org>
• Date: Sat, 09 Jul 2011 13:25:35 -0400
• Message-id: <[🔎] 20110709172535.7132.97592.reportbug@kame.animx.com>

Package: openssh-client
Version: 1:5.8p1-4
Severity: normal

If I have hostbased authentication enabled and attempt to ssh to another
system, hostbased authentication always fails and falls back to password
authentication.

If I remove /etc/ssh/ssh_host_ecdsa_key* and try again, everything works.

I found this bug report from Feb 2011:
http://lists.mindrot.org/pipermail/openssh-bugs/2011-February/010105.html

Apparently, this is fixed in 5.9 which debian does not appear to have yet.

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.39 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssh-client depends on:
ii  adduser              3.112+nmu2          add and remove users and groups
ii  debconf [debconf-2.0 1.5.39              Debian configuration management sy
ii  dpkg                 1.16.0.3            Debian package management system
ii  libc6                2.13-4              Embedded GNU C Library: Shared lib
ii  libedit2             2.11-20080614-2     BSD editline and history libraries
ii  libgssapi-krb5-2     1.9.1+dfsg-1+b1     MIT Kerberos runtime libraries - k
ii  libselinux1          2.0.98-1+b1         SELinux runtime shared libraries
ii  libssl1.0.0          1.0.0d-2            SSL shared libraries
ii  passwd               1:4.1.4.2+svn3283-3 change and administer password and
ii  zlib1g               1:1.2.3.4.dfsg-3    compression library - runtime

Versions of packages openssh-client recommends:
ii  openssh-blacklist             0.4.1      list of default blacklisted OpenSS
ii  xauth                         1:1.0.5-1  X authentication utility

-- Configuration Files:
/etc/ssh/ssh_config changed [not included]

-- no debconf information

--- End Message ---

--- Begin Message ---

• To: 633368-close@bugs.debian.org
• Subject: Bug#633368: fixed in openssh 1:5.8p1-5
• From: Colin Watson <cjwatson@debian.org>
• Date: Sun, 24 Jul 2011 10:32:25 +0000
• Message-id: <E1Qkvyz-0008Ry-Dt@franck.debian.org>

Source: openssh
Source-Version: 1:5.8p1-5

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive:

openssh-client-udeb_5.8p1-5_i386.udeb
  to main/o/openssh/openssh-client-udeb_5.8p1-5_i386.udeb
openssh-client_5.8p1-5_i386.deb
  to main/o/openssh/openssh-client_5.8p1-5_i386.deb
openssh-server-udeb_5.8p1-5_i386.udeb
  to main/o/openssh/openssh-server-udeb_5.8p1-5_i386.udeb
openssh-server_5.8p1-5_i386.deb
  to main/o/openssh/openssh-server_5.8p1-5_i386.deb
openssh_5.8p1-5.debian.tar.gz
  to main/o/openssh/openssh_5.8p1-5.debian.tar.gz
openssh_5.8p1-5.dsc
  to main/o/openssh/openssh_5.8p1-5.dsc
ssh-askpass-gnome_5.8p1-5_i386.deb
  to main/o/openssh/ssh-askpass-gnome_5.8p1-5_i386.deb
ssh-krb5_5.8p1-5_all.deb
  to main/o/openssh/ssh-krb5_5.8p1-5_all.deb
ssh_5.8p1-5_all.deb
  to main/o/openssh/ssh_5.8p1-5_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 633368@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 24 Jul 2011 11:06:47 +0100
Source: openssh
Binary: openssh-client openssh-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source i386 all
Version: 1:5.8p1-5
Distribution: unstable
Urgency: low
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description: 
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 622604 633368
Changes: 
 openssh (1:5.8p1-5) unstable; urgency=low
 .
   * Drop openssh-server's dependency on openssh-blacklist to a
     recommendation (closes: #622604).
   * Update Vcs-* fields and README.source for Alioth changes.
   * Backport from upstream:
     - Make hostbased auth with ECDSA keys work correctly (closes: #633368).
Checksums-Sha1: 
 440c1ef072a052b814285294d794a2742a7b0964 2262 openssh_5.8p1-5.dsc
 785de63bf9156e4a3c661ee6d0ff63194b9c563e 236017 openssh_5.8p1-5.debian.tar.gz
 7a7bd8bc02e1869777d52c3bcd493750f8edceac 1021574 openssh-client_5.8p1-5_i386.deb
 6a06e883ef1dc3e2c1f70c29a073ce64bf07eeff 337258 openssh-server_5.8p1-5_i386.deb
 c33b21c24b83b0c575e6a71a0ad2c2c62cd96b2c 1246 ssh_5.8p1-5_all.deb
 6dac5fde80982add15e6fe0079ca525f09bf6aab 75154 ssh-krb5_5.8p1-5_all.deb
 8f0bc06918b4b46fd2a5e13be34c9002312e5d87 83650 ssh-askpass-gnome_5.8p1-5_i386.deb
 3d2c0de8787b4aeb93d5319678be66e58590267d 256210 openssh-client-udeb_5.8p1-5_i386.udeb
 cdb742cae87eb9e51ccc269ce3c01b863e1d9c87 288110 openssh-server-udeb_5.8p1-5_i386.udeb
Checksums-Sha256: 
 fb26e2ecac46c8485a2f32c83385ab632977ca5c462ed77cedc4613d163ded81 2262 openssh_5.8p1-5.dsc
 6223b725e3d80e9d5cde1ee50acc244c34a370aafddb464aeef6b2e18b701650 236017 openssh_5.8p1-5.debian.tar.gz
 98020c9cd0822f82a3ee98abd2c8aebd603166026841b9375c075c81de33a7c6 1021574 openssh-client_5.8p1-5_i386.deb
 f162df164cde793ff2461e3c07fa85f8774f77b543ef6e6b0a17e5810b2fac6a 337258 openssh-server_5.8p1-5_i386.deb
 f69ccf4c4ca5b8e63cacd2739c0a39646cf5d35c2fc23dad504eb12216af7572 1246 ssh_5.8p1-5_all.deb
 74bcdd115f6c2555b5e2d13fc1347a3ba9e03fd49c46a51b370ed101139cdfba 75154 ssh-krb5_5.8p1-5_all.deb
 9e0b06380dbd0de0403f2927501e89220df6114b09406dfae02ff7b62d1373d3 83650 ssh-askpass-gnome_5.8p1-5_i386.deb
 f454eeddacd062d13427ce030c6af58404fa80fc2bfb2596baf941ed546ebb42 256210 openssh-client-udeb_5.8p1-5_i386.udeb
 818ac86de78953366c13655e0af5a94797ea85fa4453c9080e9a8d5e47bc0d4e 288110 openssh-server-udeb_5.8p1-5_i386.udeb
Files: 
 2fbc8d44fd6d14d4c2fa16b2eac0fb4b 2262 net standard openssh_5.8p1-5.dsc
 b1749c24fea172383d1d290f38ede3e6 236017 net standard openssh_5.8p1-5.debian.tar.gz
 9feaf47451d00233ca0f28f7e9ed0f1e 1021574 net standard openssh-client_5.8p1-5_i386.deb
 23174f7af4f950d2ff14eb62aad0db3e 337258 net optional openssh-server_5.8p1-5_i386.deb
 6054f1f1c443e8b59826e3c355f43029 1246 net extra ssh_5.8p1-5_all.deb
 00380336dfaa181f7ca7680baf6f6024 75154 net extra ssh-krb5_5.8p1-5_all.deb
 d7586d964fef292c0fe495d17cf6eafe 83650 gnome optional ssh-askpass-gnome_5.8p1-5_i386.deb
 502ff2852402636c6b47b02628409d19 256210 debian-installer optional openssh-client-udeb_5.8p1-5_i386.udeb
 63b8ccff1701c575802269bc4833859e 288110 debian-installer optional openssh-server-udeb_5.8p1-5_i386.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer

iQIVAwUBTivwhjk1h9l9hlALAQiwpg//eEbeI6k5etnllsvCWymy2HNeojXGv3Ps
bRJrFwdm+4GZJcLKGJfqjQrV7JAA+pGvuP04seMsJy3W54/4od9BhoIqzQl+pwxq
6vsgEQI17+fn1VFpHCDfXe774xhfouR9nNPKB7tVSQ5xzrMHTqMXHK+pSCfyy6g6
/QZs2PEa+YWjQkzQSJ4lr2WQKqX+6EmTEEMlGJmj+BWpqf92IlQplg30T2b4wesD
F+vWyZmpEc6gar9UQKBBXF1lgfx4NV+MpafFIf7FmAN98/m9VhRjKdnNkqK76d6W
YhehH3OYCoUm+2DOiqxIIQRVCirfZ76cKoX2nFoaDGSQKSmHK3oz7eD8q/Y0DjV4
jbRMvRm0ydQiM0ejxSrywWPVjqfqO5KbSN0o3t7jcFHRKmT3WvRrnml0WzKhAxs6
0jYJMuG2JzXS27h5fn+6BcvCaI8Eri9Ox+N4NoENtNZMgmlU0fJYjaVpOAlv94fl
yePKpFjLIjCF503viHYp/EeESbFC2X43O0PSAYMcfcN/lFy9aphthsfVILuEC6hO
QLVRMIHSArHhTZgbfLJMf1k/gdkoORaWG8zBwovxbeqpZNQGSnaF/zCrYQkY78gx
W/s5pd+1fNpLbsXdOlPQlPOt0LXQW8Go8h4DWa3KhdBhcvWXKgFQa5U4p7UmA4Hh
vPuhSoMGhGU=
=kE8Q
-----END PGP SIGNATURE-----

--- End Message ---