Learn more about these different git repos.
Other Git URLs
ssh reads the public keys from sss_ssh_authorizedkeys in chunks and looks for a matching key in each of the chunks. If a matching key is found, then the pipe to sss_ssh_authorizedkey is closed, which causes sss_ssh_authorizedkey to receive SIGPIPE and terminate abnormally, which in turn causes the pubkey authentication to fail.
Note that in some distributions, notably RHEL-7, this bug was only recently triggered by a patch added to openssh in RHEL-7.5, so for all intents and purposes, users of RHEL-7.5 consider this a regression.
In order to trigger this bug, the amount of keys must be larger than the chunk openssh reads (16kb) and the matching key must be present in the first chunk.
I managed to reproduce the bug with about 30 keys the user had.
Metadata Update from @jhrozek: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1583343
Issue linked to Bugzilla: Bug 1583343
PR: https://github.com/SSSD/sssd/pull/586
Metadata Update from @jhrozek: - Issue tagged with: PR
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 1.16.3
master: 1575ec9 56cda83 804c5b5 cb138d7 909c16e 4cc3c1a
Metadata Update from @fidencio: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4754
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.