bin/58369: sshd blocklistd integration spuriously blocks legitimate users with multiple public keys

To: gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: bin/58369: sshd blocklistd integration spuriously blocks legitimate users with multiple public keys
From: campbell+netbsd%mumble.net@localhost
Date: Tue, 25 Jun 2024 13:30:01 +0000 (UTC)

>Number:         58369
>Category:       bin
>Synopsis:       sshd blocklistd integration spuriously blocks legitimate users with multiple public keys
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Jun 25 13:30:01 +0000 2024
>Originator:     Taylor R Campbell
>Release:        current, 10, 9
>Organization:
The NetBSD FoundConnection timed out
>Environment:
>Description:
sshd blocklistd integration treats every failed key as an authentication failure.  This spuriously blocks legitimate users who just have multiple public keys, e.g. with ssh-agent.
>How-To-Repeat:
1. load multiple public keys into ssh-agent
2. try to log into machine running sshd with blocklistd
>Fix:
ding the connection once if authentication fails at the end, not once per key

Prev by Date: bin/58368: sshd blocklistd integration doesn't make blocking reasons clear
Next by Date: Re: port-amd64/58366: KASLR broken
Previous by Thread: bin/58368: sshd blocklistd integration doesn't make blocking reasons clear
Next by Thread: kern/58370: Do not disable ALTINST for VIA C7 and above CPUs
Indexes:

Home | Main Index | Thread Index | Old Index