#127426 ssh_config "Protocol (A),(B)" B is ignored if only one key in ~/.ssh/authorized_keys

Package:
openssh-client
Source:
openssh
Description:
secure shell (SSH) client, for secure access to remote machines
Submitter:
Glenn McGrath
Date:
2010-01-04 12:33:16 UTC
Severity:
normal
#127426#5
Date:
2002-01-02 07:17:54 UTC
From:
To:
I think this is a bug in upstream, the protocol specified second in the
Procotol line /etc/ssh/ssh_config is ignored if there is only one key in
~/.ssh/authorised_keys

To test this i disable password authentication in /etc/ssh/sshd_config

I specify "Protocol 2,1" in /etc/ssh/ssh_config and do "cat
~/.ssh/identity.pub > ~/.ssh/authorised_keys".

ssh bug1@localhost fails
ssh -1 bug1@localhost works


I specify "Protocol 1,2" in /etc/ssh/ssh_config and do "cat
~/.ssh/id_rsa.pub > ~/.ssh/authorised_keys".

ssh bug1@localhost fails
ssh -2 bug1@localhost works


If i do "cat ~/.ssh/identity.pub ~/.ssh/id_rsa.pub >
~/.ssh/authorised_keys" then everything is fine, i can login using
either protocol irrespective of the order of the Protocol entries in
/etc/ssh/ssh_config.


Heres is some verbose info of success, but requiring the protocl to be
specified on the commandline to override the config file.

bug1@home:~/.ssh$ ssh -vv -1 bug1@localhost
OpenSSH_3.0.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be
trusted. debug1: restore_uid
debug1: ssh_connect: getuid 1000 geteuid 0 anon 1
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: temporarily_use_uid: 1000/1000 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 1000/1000 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /home/bug1/.ssh/identity type 0
debug1: identity file /home/bug1/.ssh/id_dsa type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /home/bug1/.ssh/id_rsa type 1
debug1: Remote protocol version 1.99, remote software version
OpenSSH_3.0.1p1 debug1: match: OpenSSH_3.0.1p1 pat ^OpenSSH
debug1: Local version string SSH-1.5-OpenSSH_3.0.1p1
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
debug1: Host 'localhost' is known and matches the RSA1 host key.
debug1: Found key in /home/bug1/.ssh/known_hosts:6
debug1: Encryption type: blowfish
debug1: Sent encrypted session key.
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: RSA authentication using agent refused.
debug1: Trying RSA authentication with key '/home/bug1/.ssh/identity'
debug1: Received RSA challenge from server.
Enter passphrase for RSA key '/home/bug1/.ssh/identity':



And here is the output when it tries (and fails) to workout the protocol
from the /etc/ssh/ssh_config file

bug1@home:~/.ssh$ ssh -vv bug1@localhost
OpenSSH_3.0.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be
trusted. debug1: restore_uid
debug1: ssh_connect: getuid 1000 geteuid 0 anon 1
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: temporarily_use_uid: 1000/1000 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 1000/1000 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /home/bug1/.ssh/identity type 0
debug1: identity file /home/bug1/.ssh/id_dsa type -1
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug2: key_type_from_name: unknown key type 'Proc-Type:'
debug2: key_type_from_name: unknown key type 'DEK-Info:'
debug2: key_type_from_name: unknown key type '-----END'
debug1: identity file /home/bug1/.ssh/id_rsa type 1
debug1: Remote protocol version 1.99, remote software version
OpenSSH_3.0.1p1 debug1: match: OpenSSH_3.0.1p1 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.0.1p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 debug2:
kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-
cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysato
r.liu.se debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-
cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysato
r.liu.se debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-
96,hmac-md5-96 debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-
96,hmac-md5-96 debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit: none
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 debug2:
kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-
cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysato
r.liu.se debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-
cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysato
r.liu.se debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-
96,hmac-md5-96 debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-
96,hmac-md5-96 debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 129/256
debug1: bits set: 1570/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /home/bug1/.ssh/known_hosts:5
debug1: bits set: 1571/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue:
publickey,password,keyboard-interactive debug1: next auth method to try
is publickey debug2: userauth_pubkey_agent: no keys at all
debug2: userauth_pubkey_agent: no more keys
debug2: userauth_pubkey_agent: no message sent
debug1: try privkey: /home/bug1/.ssh/id_dsa
debug1: try pubkey: /home/bug1/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: authentications that can continue:
publickey,password,keyboard-interactive debug2: userauth_pubkey_agent:
no more keys debug2: userauth_pubkey_agent: no message sent
debug2: we did not send a packet, disable method
debug1: next auth method to try is keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug1: authentications that can continue:
publickey,password,keyboard-interactive debug2: we did not send a
packet, disable method debug1: no more auth methods to try
Permission denied (publickey,password,keyboard-interactive).
debug1: Calling cleanup 0x80633cc(0x0)


/etc/ssh/ssh_conf after removing comments is

Host *
   ForwardAgent yes
   ForwardX11 yes
   RhostsRSAAuthentication yes
   RSAAuthentication yes
   PasswordAuthentication no
  IdentityFile ~/.ssh/identity
  IdentityFile ~/.ssh/id_dsa
  IdentityFile ~/.ssh/id_rsa
  Port 22
  Protocol 2,1
  Cipher blowfish
  EscapeChar ~