Bug#822844: openssh-client: can't use an in-memory-only
certificate that doesn't also have another in-memory private key
Reply-To:
In-Reply-To: <[🔎] 20160428104139.GL21507@riva.ucam.org>
X-Operating-System: Linux io 3.16.0-4-amd64
On Thu, Apr 28, 2016 at 11:41:39 +0100, Colin Watson wrote:
> On Thu, Apr 28, 2016 at 05:43:43PM +0800, gustavo panizzo wrote:
> > Package: openssh-client
> > Version: 1:7.2p2-5
> > Severity: normal
> >
> > Hello
> >
> > I'm affected by this upstream bug
> > https://bugzilla.mindrot.org/show_bug.cgi?id=2550
> >
> > Can you apply the patch to 7.2 package?
>
> That is what I did in the very version that you report as being affected
> above!
>
> openssh (1:7.2p2-5) unstable; urgency=medium
>
> * Backport upstream patch to unbreak authentication using lone certificate
> keys in ssh-agent: when attempting pubkey auth with a certificate, if no
> separate private key is found among the keys then try with the
> certificate key itself (thanks, Paul Querna; LP: #1575961).
>
> -- Colin Watson <cjwatson@debian.org> Thu, 28 Apr 2016 01:52:01 +0100
>
> Are you sure that you were affected by this in 1:7.2p2-5, and not in
> 1:7.2p2-4 or earlier versions?
I tested earlier today 1:7.2p2-5 and it failed, I didn't even look at
the changelog, I will test tomorrow again.
--
1AE0 322E B8F7 4717 BDEA BF1D 44BB 1BA7 9F6C 6333
keybase: http://keybase.io/gfa
Reply to: