Hey everyone, I can confirm the fix has been tested by our friends at Google (Anthos) for Focal 20.04, using the same patch used in 1:8.2p1-4ubuntu0.4 but *not* by using the package from focal-proposed itself. Hopefully this still suffices? Please let me know if not and I'll re-run the verification again using an instance pulling from focal-proposed.
[RATIONALE] Need SSH to authenticate a ``HostCertificate`` and an SSH agent that holds the corresponding host private key. The sshd_config has the following directives: -- HostCertificate the public host certificate whose public key matches the private key stored in the ssh agent -- HostKey the public key of the host keypair -- HostKeyAgent the socket of the ssh agent that holds the host private key Before the patch, this combination didn't work - even though it authenticated successfully the setup behaved as if ``HostCertificate`` was never configured (i.e. it authenticated using only the public key and the private key in the ssh agent). [VERIFICATION OF FIX] ```` sh-agent -a /path/agent-socket SSH_AUTH_SOCK=/path/agent-socket ssh-add -k /path/hostkey ```` Then ran ``sshd`` with: ```` HostCertificate /path/hostkey-cert.pub HostKey /path/hostkey.pub HostKeyAgent /path/agent-socket ```` Then configured the CA trust anchor on the client's side. (localhost was used, but it would be the same if a second host is used as a client) ```` ssh -vv localhost ```` shows the host certificate was seen and used. ** Tags removed: verification-needed-focal ** Tags added: verification-done-focal -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1952421 Title: Issue on sshd finds correct private key for a certificate when using ssh-agent To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1952421/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
