
Bug#1041521: OpenSSH: problematic interaction between GSSAPI Key Exchange and publickey in 8.9p1 and newer



Source: openssh
Version: 1:9.2p1-2

Symptom: ssh fails with "sign_and_send_pubkey: internal error: initial hostkey not recorded".

This issue was reported upstream in https://bugzilla.mindrot.org/show_bug.cgi?id=3406 and rejected because it's a flaw in the GSSAPI key exchange patch. However, Damien Miller was kind enough to provide a hint in Comment 2.

To trigger it, one needs to (a) perform a successful GSSAPI key exchange, (b) attempt public key authentication. (In addition, the client and the server must both have the hostbound authentication protocol extension enabled for the problem to manifest itself. This is on by default in bookworm.) This is probably not a very common combination, but it can happen if one has Kerberos credentials for the correct realm but the wrong user, and a private key for the right user.

I suppose an ambitious developer might try to provide a functional equivalent to the host key binding that leverages the GSSAPI key exchange, instead of Damien Miller's one-statement suggestion.

A likely workaround for affected clients until this gets fixed is to set pubkeyauthentication=unbound as needed.
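
The workaround above, scoped to a single host in `~/.ssh/config`, as an added example that is not part of the original report; the host name is a constructed placeholder. `unbound` keeps public key authentication but turns off the host-bound extension, which restricted ssh-agent forwarding depends on, so limiting it to the affected server leaves the extension active everywhere else.

```sshconfig
# Constructed host name: substitute the server where GSSAPI key exchange
# succeeds but login then falls back to publickey.
Host krb-gateway.example.org
    PubkeyAuthentication unbound

# No setting is needed for other hosts: the default (yes) leaves the
# host-bound authentication protocol extension enabled.
```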
