Bug#609546: possibel bug in sshd: pubkey auth does not more work if ${HOME} is NFS

[Michelle Konzack]

Package: openssh-server
Version: 1:5.1p1-5
Severity: important

Hello Maintainers,

my Workstation is running an up-to-date  Lenny  and  last  year  I  have
upgraded my intranet server from Etch  to  Lenny  and  now  sshd  stoped
working with pubkey authentication.

I had asked on mailinglists, and they told me to  remove  the  passowrd,
but this can not be, because the exact same pubkey  is  on  my  VServers
arround the world and I can log into WITHOUT A PASSWORD.

Now I have made a test and it seems, the error is in sshd.

If the remote side has only the "authorized_keys" all is  working  fine,
but if the ~/.ssh/ has "authorized_keys" AND "id_dsa.pub" and  the  same
contents, pubkey autentication fails and I am forced to use a password.

I have instaledmy bubkey on another user in the intranet server  and  oh
wonder, I do not need a password.

So, it seems to me like an error.

Or is there a new option to activate the old behaviour?

Thanks, Greetings and nice Day/Evening
    Michelle Konzack
    Debian GNU/Linux Consultant


-- System Information:
Debian Release: 5.0.7
  APT prefers stable
  APT policy: (1000, 'stable'), (900, 'proposed-updates'), (900, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages openssh-server depends on:
ii  adduser         3.110                    add and remove users and groups
ii  debconf [debcon 1.5.24                   Debian configuration management sy
ii  dpkg            1.14.31                  Debian package management system
ii  libc6           2.7-18lenny6             GNU C Library: Shared libraries
ii  libcomerr2      1.41.3-1                 common error description library
ii  libkrb53        1.6.dfsg.4~beta1-5lenny6 MIT Kerberos runtime libraries
ii  libpam-modules  1.0.1-5+lenny1           Pluggable Authentication Modules f
ii  libpam-runtime  1.0.1-5+lenny1           Runtime support for the PAM librar
ii  libpam0g        1.0.1-5+lenny1           Pluggable Authentication Modules l
ii  libselinux1     2.0.65-5                 SELinux shared libraries
ii  libssl0.9.8     0.9.8g-15+lenny11        SSL shared libraries
ii  libwrap0        7.6.q-16                 Wietse Venema's TCP wrappers libra
ii  lsb-base        3.2-20                   Linux Standard Base 3.2 init scrip
ii  openssh-blackli 0.4.1                    list of default blacklisted OpenSS
ii  openssh-client  1:5.1p1-5                secure shell client, an rlogin/rsh
ii  procps          1:3.2.7-11               /proc file system utilities
ii  zlib1g          1:1.2.3.3.dfsg-12        compression library - runtime

Versions of packages openssh-server recommends:
ii  openssh-blacklist-extra       0.4.1      list of non-default blacklisted Op
ii  xauth                         1:1.0.3-2  X authentication utility

Versions of packages openssh-server suggests:
pn  molly-guard                   <none>     (no description available)
pn  rssh                          <none>     (no description available)
pn  ssh-askpass                   <none>     (no description available)

-- debconf information:
  ssh/vulnerable_host_keys:
  ssh/new_config: true
* ssh/use_old_init_script: true
  ssh/encrypted_host_key_but_no_keygen:
  ssh/disable_cr_auth: false





-- 
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack   Apt. 917                  ICQ #328449886
+49/177/9351947    50, rue de Soultz         MSN LinuxMichi
+33/6/61925193     67100 Strasbourg/France   IRC #Debian (irc.icq.com)

signature.pgp
Description: Digital signature