Bug 1628313
| Summary: | Recent packages of OpenSSH breaks Certificate Authentication for certain servers | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Antonio Dias <accdias> | ||||||
| Component: | openssh | Assignee: | Jakub Jelen <jjelen> | ||||||
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
| Severity: | high | Docs Contact: | |||||||
| Priority: | unspecified | ||||||||
| Version: | 28 | CC: | dwalsh, jfch, jjelen, lkundrak, mattias.ellert, plautrba, tmraz | ||||||
| Target Milestone: | --- | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | x86_64 | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2018-09-13 07:23:56 UTC | Type: | Bug | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Attachments: |
|
||||||||
Created attachment 1482809 [details]
sshd_config on CentOS 7.5 server
The workaround I'm using is 'sudo dnf downgrade -y openssh', which installs openssh-7.7p1-2.fc28.x86_64, version that is working fine. *** This bug has been marked as a duplicate of bug 1627875 *** |
Created attachment 1482807 [details] ssh -vvvv centos7.5-server output Description of problem: I'm using OpenSSH's certificate based authentication without any problem with openssh-7.7p1-2.fc28.x86_64. As soon as I upgrade it to any new package version, authentication starts to fail when connecting a CentOS 7.5 box but it succeed connecting CentOS 6.10. CentOS 7.5 is using the following OpenSSH package: - openssh-7.4p1-16.el7.x86_64 CentOS 6.10 is using the following OpenSSH package: - openssh-5.3p1-123.el6_9.x86_64 Version-Release number of selected component (if applicable): - Fedora 28 x86_64 - OpenSSH packages after openssh-7.7p1-2.fc28.x86_64 How reproducible: Always reproducible. Steps to Reproduce: 1. Using OpenSSH signed certificates, try to connect a remote host running CentOS/RHEL 7.5, configured to just accept certificates authentication, from a Fedora 28 client, using any OpenSSH package higher than openssh-7.7p1-2.fc28.x86_64. Actual results: Authentication fails with "Permission denied (publickey,gssapi-keyex,gssapi-with-mic)." message Expected results: Authentication succeeds. Additional info: