Description of problem: Regression in certificate based authentication in openssh 7.2. upstream bug (with fix): https://bugzilla.mindrot.org/show_bug.cgi?id=2550 (same bug on ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1575961 ) Version-Release number of selected component (if applicable): openssh 7.2, commit 4e44a79a07d4b88b6a4e5e8c1bed5f58c841b1b8 How reproducible: 100% Steps to Reproduce: 1. Load certificate with private key into agent, but don't load the private key separately 2. attempt to authenticate. 3. Actual results: Certificate is rejected, and authentication fails Expected results: Certificate is seen as certified, and authentication succeeds. Additional info: This bug also affects users not using ssh-agent when using using IdentityFile when a <key>-cert.pub is found because of the ordering dependency in authctxt.
Thank you for the report. It sounds reasonable to fix this. I will provide update soon.
openssh-7.2p2-7.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-57cec0322d
openssh-7.2p2-7.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-57cec0322d
openssh-7.2p2-7.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.