View Issue Details

ID: 0015718
Project: CentOS-6
Category: openssh
View Status: public
Last Update: 2019-01-17 21:03
Reporter: dmaziuk
Priority: normal
Severity: major
Reproducibility: always
Status: new
Resolution: open
Product Version:
Target Version:
Fixed in Version:
Summary: 0015718: AuthorizedKeysCommand is ignored by sshd

Description

Config:
----------

AuthorizedKeysCommand /etc/ssh/cat_keys_d.sh %u
AuthorizedKeysCommandRunAs %u

The script:
----------------

#!/bin/sh
for i in `ls "/home/${1}/.ssh/authorized_keys.d/"`
do
    cat "/home/${1}/.ssh/authorized_keys.d/$i"
done

Debug (sshd -ddd):
-----------------------------

debug3: /etc/ssh/sshd_config:53 setting AuthorizedKeysCommand /etc/ssh/cat_keys_d.sh %u
debug3: /etc/ssh/sshd_config:54 setting AuthorizedKeysCommandRunAs %u
...
debug1: userauth-request for user web service ssh-connection method publickey
debug1: attempt 1 failures 0
debug2: input_userauth_request: try method publickey
debug1: test whether pkalg/pkblob are acceptable
debug3: mm_key_allowed entering
debug3: mm_request_send entering: type 21
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED
debug3: mm_request_receive_expect entering: type 22
debug3: mm_request_receive entering
debug3: monitor_read: checking request 21
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x56542d414560
user_key_via_command_allowed2: getpwnam("%u"): Success
debug1: temporarily_use_uid: 100/101 (e=0/0)
debug1: trying public key file /home/web/.ssh/authorized_keys
debug1: Could not open authorized keys '/home/web/.ssh/authorized_keys': No such file or directory
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 100/101 (e=0/0)
debug1: trying public key file /home/web/.ssh/authorized_keys2
debug1: Could not open authorized keys '/home/web/.ssh/authorized_keys2': No such file or directory
debug1: restore_uid: 0/0
Failed publickey for web from 144.92.167.190 port 53874 ssh2
debug3: mm_answer_keyallowed: key 0x56542d414560 is not allowed
debug3: mm_request_send entering: type 22
debug3: mm_request_receive entering
debug2: userauth_pubkey: authenticated 0 pkalg ssh-rsa
debug3: Wrote 72 bytes for a total of 2429
debug1: userauth-request for user web service ssh-connection method publickey
debug1: attempt 2 failures 1
debug2: input_userauth_request: try method publickey
debug1: test whether pkalg/pkblob are acceptable
debug3: mm_key_allowed entering
debug3: mm_request_send entering: type 21
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED
debug3: mm_request_receive_expect entering: type 22
debug3: mm_request_receive entering
debug3: monitor_read: checking request 21
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x56542d414680
user_key_via_command_allowed2: getpwnam("%u"): Success
debug1: temporarily_use_uid: 100/101 (e=0/0)
debug1: trying public key file /home/web/.ssh/authorized_keys
debug1: Could not open authorized keys '/home/web/.ssh/authorized_keys': No such file or directory
debug1: restore_uid: 0/0
debug1: temporarily_use_uid: 100/101 (e=0/0)
debug1: trying public key file /home/web/.ssh/authorized_keys2
debug1: Could not open authorized keys '/home/web/.ssh/authorized_keys2': No such file or directory
debug1: restore_uid: 0/0
Failed publickey for web from 144.92.167.190 port 53874 ssh2

I.e. the settings are accepted at startup and seem to be completely ignored on connection attempts.

Tags: No tags attached.

Activities

There are no notes attached to this issue.
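
A hardened take on the key-concatenation helper from the report, added here as an example (not the reporter's script and not CentOS or OpenSSH code): it validates the user name argument, globs instead of parsing `ls`, and skips symlinks and group- or world-writable files. `KEYS_HOME_BASE` is a hypothetical override for trying it against a scratch directory; the key strings used to exercise it are constructed.

```shell
#!/bin/sh
# Added example, not the script from the report.
# KEYS_HOME_BASE is a hypothetical override for testing; default is /home.

print_authorized_keys() {
    user=$1
    base=${KEYS_HOME_BASE:-/home}

    # Accept only a plain account name so the argument cannot steer the
    # path outside the user's own home (no "/", no leading "." or "-").
    case $user in
        ''|.*|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac

    dir="$base/$user/.ssh/authorized_keys.d"
    # The key directory must be a real directory, not a symlink.
    [ -d "$dir" ] && [ ! -L "$dir" ] || return 1

    # Glob instead of parsing `ls`, so names with spaces stay intact.
    for f in "$dir"/*; do
        # Regular files only; a symlink could point at any readable file.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        # Skip files that group or others can write to.
        if [ -n "$(find "$f" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            continue
        fi
        cat "$f"
    done
    return 0
}

# When run as a script, the user name arrives as the first argument,
# as in the report's script.
[ $# -eq 0 ] || print_authorized_keys "$1"
```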

Issue History

Date Modified Username Field Change
2019-01-17 21:03 dmaziuk New Issue