Changeset 1739


Ignore:
Timestamp:
Nov 20, 2010, 9:15:16 PM (13 years ago)
Author:
mitchb
Message:
Eliminate spurious opsnssh error messages related to public keys

If the following conditions apply:
  o Someone attempt to authenticate to an account with an ssh key
  o The account has an authorized_keys file
  o Entries in authorized_keys have restrictions (i.e. "from=" clauses)
  o The attempted key matches the type (RSA/DSA) of the restricted key(s)
  o The attempted key is not actually one of the authorized keys

You will get a spurious error message that claims:
  "Authentication tried for _____ with correct key but not from a
   permitted host (host=______, ip=________)."
even though there is no correct key involved.

This is OpenSSH bug 1765 (https://bugzilla.mindrot.org/show_bug.cgi?id=1765)
and the patch is backported from the one committed in that ticket
(https://bugzilla.mindrot.org/attachment.cgi?id=1848).
Location:
trunk/server
Files:
1 added
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/server/fedora/specs/openssh.spec.patch

    r1693 r1739  
    1010 #URL1: http://pamsshagentauth.sourceforge.net
    1111 #Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
    12 @@ -88,6 +88,7 @@
     12@@ -88,6 +88,8 @@
    1313 Source3: sshd.init
    1414 Source4: http://prdownloads.sourceforge.net/pamsshagentauth/pam_ssh_agent_auth/pam_ssh_agent_auth-%{pam_ssh_agent_ver}.tar.bz2
    1515 Source5: pam_ssh_agent-rmheaders
    1616+Patch1001: openssh-4.7p1-gssapi-name-in-env.patch
     17+Patch1002: openssh-no-spurious-correct-key-incorrect-host-messages.patch
    1718 Patch0: openssh-5.4p1-redhat.patch
    1819 Patch2: openssh-5.3p1-skip-initial.patch
    1920 Patch4: openssh-5.2p1-vendor.patch
    20 @@ -175,6 +177,7 @@
     21@@ -175,6 +178,7 @@
    2122 Requires(post): chkconfig >= 0.9, /sbin/service
    2223 Requires(pre): /usr/sbin/useradd
     
    2627 %package askpass
    2728 Summary: A passphrase dialog for OpenSSH and X
    28 @@ -267,6 +270,8 @@
     29@@ -267,6 +271,9 @@
    2930 %patch75 -p1 -b .dso
    3031 %patch76 -p1 -b .bz595935
    3132 
    3233+%patch1001 -p1 -b .gssapi-env
     34+%patch1002 -p1 -b .no-spurious-correct-key-incorrect-host-messages
    3335+
    3436 autoreconf
Note: See TracChangeset for help on using the changeset viewer.