Re: bin/58369 (sshd blocklistd integration spuriously blocks legitimate users with multiple public keys)

To: christos%netbsd.org@localhost, gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost, campbell+netbsd%mumble.net@localhost
Subject: Re: bin/58369 (sshd blocklistd integration spuriously blocks legitimate users with multiple public keys)
From: "Rin Okuyama via gnats" <gnats-admin%NetBSD.org@localhost>
Date: Fri, 4 Oct 2024 09:40:01 +0000 (UTC)

The following reply was made to PR bin/58369; it has been noted by GNATS.

From: Rin Okuyama <rokuyama.rk%gmail.com@localhost>
To: gnats-bugs%netbsd.org@localhost, christos%netbsd.org@localhost, gnats-admin%netbsd.org@localhost,
 netbsd-bugs%netbsd.org@localhost, riastradh%NetBSD.org@localhost, campbell+netbsd%mumble.net@localhost
Cc: 
Subject: Re: bin/58369 (sshd blocklistd integration spuriously blocks
 legitimate users with multiple public keys)
Date: Fri, 4 Oct 2024 18:36:55 +0900

 Hi,

 This problem still occurs for some TNF servers. So,
 pullup should be done asap.

 Diff applies cleanly both to netbsd-{10,9}, builds, and
 works just fine as far as I can see.

 However, I cannot reproduce the problem locally; even if
 logit()'s are inserted locations of originally-misplaced
 pfilter_notify()'s, nothing is logged when login from
 client with multiple keys. abort() instead of logit()
 does not work also...

 For client side, it surely fails for the first key:

 ````
 % ssh -vvvv (target)
 ...
 debug1: Offering public key: /home/rin/.ssh/id_rsa RSA SHA256:(snip) agent
 debug1: Authentications that can continue: 
 publickey,password,keyboard-interactive
 debug1: Offering public key: /home/rin/.ssh/id_ed25519 ED25519 
 SHA256:(snip) agent
 debug1: Server accepts key: /home/rin/.ssh/id_ed25519 ED25519 
 SHA256:(snip) agent
 Authenticated to (target) ([(target)]:22) using "publickey".
 ...
 ````

 Thoughts? Can I send pullup requests anyway?

 Thanks,
 rin

 On 2024/06/30 2:16, riastradh%NetBSD.org@localhost wrote:
 > Synopsis: sshd blocklistd integration spuriously blocks legitimate users with multiple public keys
 > 
 > Responsible-Changed-From-To: bin-bug-people->christos
 > Responsible-Changed-By: riastradh%NetBSD.org@localhost
 > Responsible-Changed-When: Sat, 29 Jun 2024 17:16:14 +0000
 > Responsible-Changed-Why:
 > christos's bug, christos's fix
 > https://mail-index.netbsd.org/source-changes/2024/06/25/msg151965.html
 > 
 > 
 > State-Changed-From-To: open->needs-pullups
 > State-Changed-By: riastradh%NetBSD.org@localhost
 > State-Changed-When: Sat, 29 Jun 2024 17:16:14 +0000
 > State-Changed-Why:
 > needs pullup-10, pullup-9
 > 
 >

Prev by Date: Re: bin/58369 (sshd blocklistd integration spuriously blocks legitimate users with multiple public keys)
Next by Date: Re: kern/58715: cpu0: softints stuck for 16 seconds
Previous by Thread: Re: bin/58369 (sshd blocklistd integration spuriously blocks legitimate users with multiple public keys)
Next by Thread: Re: bin/58369 (sshd blocklistd integration spuriously blocks legitimate users with multiple public keys)
Indexes:

Home | Main Index | Thread Index | Old Index