Bug 653750

Summary:	net-misc/openssh-7.7_p1-r1: authorized_keys parsing regression locks users out
Product:	Gentoo Linux	Reporter:	Hector Martin <marcan>
Component:	Current packages	Assignee:	Gentoo's Team for Core System packages <base-system>
Status:	RESOLVED FIXED
Severity:	critical	CC:	robbat2
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---

Description Hector Martin 2018-04-22 00:56:59 UTC

Opening this as critical because it can irrecoverably lock users out of their systems.

This regression:
https://github.com/openssh/openssh-portable/commit/40f5f03544a07ebd2003b443d42e85cb51d94d59

made it so that authorized_keys entries of this form fail to parse, due to the underscore in the variable name:
environment="FOO_VARIABLE=value" <key data>

This results in the key being ignored, making login impossible. This is a major regression. Additionally, the error message goes nowhere by default. You need to start sshd in debug mode to see it.

Comment 1 Larry the Git Cow gentoo-dev

2018-04-22 17:13:54 UTC

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a2c265c28007211dd1ee4096259a8f0aa6d48ef0

commit a2c265c28007211dd1ee4096259a8f0aa6d48ef0
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2018-04-22 17:13:30 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2018-04-22 17:13:46 +0000

    net-misc/openssh: Rev bump to add patches
    
    Ebuild changes:
    ===============
    - Added patches for various upstream issues like
      bug 2840, 2835, 2851, 2837, 2855, 2719.
    
    Closes: https://bugs.gentoo.org/653750
    Closes: https://bugs.gentoo.org/653008
    Package-Manager: Portage-2.3.31, Repoman-2.3.9

 net-misc/openssh/Manifest                 |   1 +
 net-misc/openssh/openssh-7.7_p1-r2.ebuild | 426 ++++++++++++++++++++++++++++++
 2 files changed, 427 insertions(+)