Re: bin/58369 (sshd blocklistd integration spuriously blocks legitimate users with multiple public keys)

[Rin Okuyama <rokuyama.rk%gmail.com@localhost>]

Hi,

This problem still occurs for some TNF servers. So,
pullup should be done asap.

Diff applies cleanly both to netbsd-{10,9}, builds, and
works just fine as far as I can see.

However, I cannot reproduce the problem locally; even if
logit()'s are inserted locations of originally-misplaced
pfilter_notify()'s, nothing is logged when login from
client with multiple keys. abort() instead of logit()
does not work also...

For client side, it surely fails for the first key:

````
% ssh -vvvv (target)
...
debug1: Offering public key: /home/rin/.ssh/id_rsa RSA SHA256:(snip) agent
debug1: Authentications that can continue: 
publickey,password,keyboard-interactive
debug1: Offering public key: /home/rin/.ssh/id_ed25519 ED25519 
SHA256:(snip) agent
debug1: Server accepts key: /home/rin/.ssh/id_ed25519 ED25519 
SHA256:(snip) agent
Authenticated to (target) ([(target)]:22) using "publickey".
...
````

Thoughts? Can I send pullup requests anyway?

Thanks,
rin

On 2024/06/30 2:16, riastradh%NetBSD.org@localhost wrote:
> Synopsis: sshd blocklistd integration spuriously blocks legitimate users with multiple public keys
>
> Responsible-Changed-From-To: bin-bug-people->christos
> Responsible-Changed-By: riastradh%NetBSD.org@localhost
> Responsible-Changed-When: Sat, 29 Jun 2024 17:16:14 +0000
> Responsible-Changed-Why:
> christos's bug, christos's fix
> https://mail-index.netbsd.org/source-changes/2024/06/25/msg151965.html
>
>
> State-Changed-From-To: open->needs-pullups
> State-Changed-By: riastradh%NetBSD.org@localhost
> State-Changed-When: Sat, 29 Jun 2024 17:16:14 +0000
> State-Changed-Why:
> needs pullup-10, pullup-9