Package: openssh-server
Severity: normal
Tags: stretch


Steps to Reproduce:
1) Have a Debian Stretch amd64 in place

2) Have the packages openssh-* of previous release 1:7.4p1-10+deb9u6 installed:

   apt install openssh-server=1:7.4p1-10+deb9u6 openssh-sftp-server=1:7.4p1-10+deb9u6 openssh-client=1:7.4p1-10+deb9u6

3) Have an 8k and a 16k ssh-key pair in place and install the public key on the 
test system

4) Login with the 8k private key: ssh -i /home/myhome/.ssh/id_rsa_8k

   Result: login successful with public key authentication

5) Login with the 16k private key: ssh -i /home/myhome/.ssh/id_rsa_16k

   Result: login successful with public key authentication

6) Upgrade openssh-* packages to current release 1:7.4p1-10+deb9u7:

   apt install openssh-server=1:7.4p1-10+deb9u7 openssh-sftp-server=1:7.4p1-10+deb9u7 openssh-client=1:7.4p1-10+deb9u7

7) Login with the 8k private key: ssh -i /home/myhome/.ssh/id_rsa_8k

   Result: login fails: Permission denied (publickey).

8) Login with the 16k private key: ssh -i /home/myhome/.ssh/id_rsa_16k

   Result: login successful with public key authentication


Colleagues of mine use 4k key pairs, which work fine with the current openssh-* 
release 1:7.4p1-10+deb9u7.


Please have a look.

Thank you,

Jürgen
