From owner-freebsd-bugs  Thu Sep  7 17:40: 5 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 61A5F37B424
	for <freebsd-bugs@FreeBSD.org>; Thu,  7 Sep 2000 17:40:01 -0700 (PDT)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) id RAA44421;
	Thu, 7 Sep 2000 17:40:01 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: from monsta.privatelabs.com (ppp197.max-01.intercom.com [198.143.0.197])
	by hub.freebsd.org (Postfix) with ESMTP id 2676237B422
	for <FreeBSD-gnats-submit@freebsd.org>; Thu,  7 Sep 2000 17:34:25 -0700 (PDT)
Received: (from mi@localhost)
	by monsta.privatelabs.com (8.9.3/8.9.3) id UAA71332;
	Thu, 7 Sep 2000 20:32:32 -0400 (EDT)
	(envelope-from mi)
Message-Id: <200009080032.UAA71332@monsta.privatelabs.com>
Date: Thu, 7 Sep 2000 20:32:32 -0400 (EDT)
From: Mikhail Teterin <mi@monsta.privatelabs.com>
Reply-To: mi@aldan.algebra.com
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: bin/21100: sshd does not consider authorized_keys2 unless 2 is the _only_ protocol
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


>Number:         21100
>Category:       bin
>Synopsis:       sshd does not consider authorized_keys2 unless 2 is the _only_ protocol
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Sep 07 17:40:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Mikhail Teterin
>Release:        FreeBSD 4.1-RC i386
>Organization:
Virtual Estates, Inc.
>Environment:

>Description:

	A particular account wishes to only use DSA keys and hence the
	SSH2 protocol. Unfortunately, sshd does not even look at the
	~/.ssh/authorized_keys2 unless the /etc/ssh/sshd_config states
	``Protocol 2''. Listing (as the man-page suggests) both 1 and 2
	on the line does not work -- the server insists on password.

	Removing 1 helps (and proves that everything else is configured
	properly), but prevents other accounts from logging in using older
	ssh-clients.

>How-To-Repeat:

	See description.

>Fix:

>Release-Note:
>Audit-Trail:
>Unformatted:


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message