Public bug reported: OpenSSH Client Certificates worked in Ubuntu 15.10 and 14.04 LTS -- but not 16.04.
OpenSSH 7.2.p2 includes a bug in how it loads keys & certificates, and basically will never find the correct private key for an OpenSSH Client Certificate. This is the upstream bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2550 Fix was committed on March 14: https://github.com/openssh/openssh- portable/commit/c38905ba391434834da86abfc988a2b8b9b62477 I've tested with the attached patch, and it allows Client Certificate auth to work at all. ** Affects: openssh (Ubuntu) Importance: Undecided Status: New ** Patch added: "unbreak-certificate-auth.dpatch" https://bugs.launchpad.net/bugs/1575961/+attachment/4649622/+files/unbreak-certificate-auth.dpatch -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1575961 Title: OpenSSH Client Certificate Auth Regression Status in openssh package in Ubuntu: New Bug description: OpenSSH Client Certificates worked in Ubuntu 15.10 and 14.04 LTS -- but not 16.04. OpenSSH 7.2.p2 includes a bug in how it loads keys & certificates, and basically will never find the correct private key for an OpenSSH Client Certificate. This is the upstream bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2550 Fix was committed on March 14: https://github.com/openssh/openssh- portable/commit/c38905ba391434834da86abfc988a2b8b9b62477 I've tested with the attached patch, and it allows Client Certificate auth to work at all. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1575961/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
