1628313 – Recent packages of OpenSSH breaks Certificate Authentication for certain servers

Bug 1628313 - Recent packages of OpenSSH breaks Certificate Authentication for certain servers

Summary: Recent packages of OpenSSH breaks Certificate Authentication for certain servers

Keywords:
Status:	CLOSED DUPLICATE of bug 1627875
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	openssh
Sub Component:
Version:	28
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	high
Target Milestone:	---
Assignee:	Jakub Jelen
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-09-12 18:07 UTC by Antonio Dias
Modified:	2018-09-13 07:23 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-09-13 07:23:56 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
ssh -vvvv centos7.5-server output (10.45 KB, text/plain) 2018-09-12 18:07 UTC, Antonio Dias	no flags	Details
sshd_config on CentOS 7.5 server (4.12 KB, text/plain) 2018-09-12 18:08 UTC, Antonio Dias	no flags	Details
View All

Description Antonio Dias 2018-09-12 18:07:10 UTC

Created attachment 1482807 [details]
ssh -vvvv centos7.5-server output

Description of problem:

I'm using OpenSSH's certificate based authentication without any problem with openssh-7.7p1-2.fc28.x86_64. As soon as I upgrade it to any new package version, authentication starts to fail when connecting a CentOS 7.5 box but it succeed connecting CentOS 6.10.

CentOS 7.5 is using the following OpenSSH package:

- openssh-7.4p1-16.el7.x86_64

CentOS 6.10 is using the following OpenSSH package:

- openssh-5.3p1-123.el6_9.x86_64

Version-Release number of selected component (if applicable):

- Fedora 28 x86_64
- OpenSSH packages after openssh-7.7p1-2.fc28.x86_64

How reproducible:

Always reproducible.


Steps to Reproduce:
1. Using OpenSSH signed certificates, try to connect a remote host running CentOS/RHEL 7.5, configured to just accept certificates authentication, from a Fedora 28 client, using any OpenSSH package higher than openssh-7.7p1-2.fc28.x86_64.


Actual results:

Authentication fails with "Permission denied (publickey,gssapi-keyex,gssapi-with-mic)." message

Expected results:

Authentication succeeds.


Additional info:

Comment 1 Antonio Dias 2018-09-12 18:08:18 UTC

Created attachment 1482809 [details]
sshd_config on CentOS 7.5 server

Comment 2 Antonio Dias 2018-09-12 18:10:39 UTC

The workaround I'm using is 'sudo dnf downgrade -y openssh', which installs openssh-7.7p1-2.fc28.x86_64, version that is working fine.

Comment 3 Jakub Jelen 2018-09-13 07:23:56 UTC


*** This bug has been marked as a duplicate of bug 1627875 ***

Note You need to log in before you can comment on or make changes to this bug.