I tested openssh (1:9.6p1-3ubuntu13.9) from noble-proposed, according to
"Test Plan 2". Looking good!
[ Test Plan 2 ]
###Set up a Noble LXD container & install openssh-server from proposed:
root@nnsru:~# apt list *openssh-server*
Listing... Done
openssh-server/noble-proposed,now 1:9.6p1-3ubuntu13.9 amd64 [installed]
root@nnsru:~# adduser test
info: Adding user `test' ...
info: Selecting UID/GID from range 1000 to 59999 ...
info: Adding new group `test' (1001) ...
info: Adding new user `test' (1001) with group `test (1001)' ...
info: Creating home directory `/home/test' ...
info: Copying files from `/etc/skel' ...
New password: [test]
Retype new password: [test]
passwd: password updated successfully
Changing the user information for test
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n]
info: Adding new user `test' to supplemental / extra groups `users' ...
info: Adding user `test' to group `users' ...
### Adopt SSH config & restart service
root@nnsru:~# vim /etc/ssh/sshd_config.d/60-cloudimg-settings.conf
root@nnsru:~# grep -R PasswordAuthentication /etc/ssh/
/etc/ssh/ssh_config:# PasswordAuthentication yes
/etc/ssh/sshd_config.d/60-cloudimg-settings.conf:PasswordAuthentication yes
/etc/ssh/sshd_config:#PasswordAuthentication yes
/etc/ssh/sshd_config:# PasswordAuthentication. Depending on your PAM
configuration,
/etc/ssh/sshd_config:# PAM authentication, then enable this but set
PasswordAuthentication
root@nnsru:~# systemctl restart ssh.service
root@nnsru:~# ip a show eth0
199: eth0@if200: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state
UP group default qlen 1000
link/ether 00:16:3e:04:41:7d brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 10.238.94.186/24 metric 100 brd 10.238.94.255 scope global dynamic eth0
valid_lft 3319sec preferred_lft 3319sec
inet6 fd42:7213:f20e:bd74:216:3eff:fe04:417d/64 scope global mngtmpaddr
noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::216:3eff:fe04:417d/64 scope link
valid_lft forever preferred_lft forever
### From the host (password login OK):
$ ssh [email protected]
The authenticity of host '10.238.94.186 (10.238.94.186)' can't be established.
ED25519 key fingerprint is SHA256:t2qgSMbZOw1Pm6PXVOL5lXYCtD/JDBUoJZjwygRshNs.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '10.238.94.186' (ED25519) to the list of known hosts.
[email protected]'s password: [test]
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
test@nnsru:~$ ssh-import-id-lp slyon
2025-03-10 14:17:08,923 INFO Authorized key ['4096',
'SHA256:sciOAYEEOgZuev6e/fxLpojXxsiZsJPzn1Jk8LaYvVg',
'[email protected]', '(RSA)']
2025-03-10 14:17:08,923 INFO [1] SSH keys [Authorized]
### From the host (pubkey login OK):
$ ssh -i ~/.ssh/canonical_id_rsa [email protected]
Enter passphrase for key '/home/lukas/.ssh/canonical_id_rsa':
Welcome to Ubuntu 24.04.2 LTS (GNU/Linux 6.8.0-54-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/pro
System information as of Mon Mar 10 14:18:23 UTC 2025
System load: 1.57
Usage of /: 69.8% of 294.23GB
Memory usage: 0%
Swap usage: 0%
Temperature: 49.0 C
Processes: 29
Users logged in: 1
IPv4 address for eth0: 10.238.94.186
IPv6 address for eth0: fd42:7213:f20e:bd74:216:3eff:fe04:417d
Expanded Security Maintenance for Applications is not enabled.
0 updates can be applied immediately.
Enable ESM Apps to receive additional future security updates.
See https://ubuntu.com/esm or run: sudo pro status
Last login: Mon Mar 10 14:16:57 2025 from 10.238.94.1
test@nnsru:~$
=> All working as expected!
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2028282
Title:
[SRU] SSH pubkey authetication fails when GSSAPI enabled
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2028282/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
