Bug in RSA key management - login possible with random RSA private key #1357
What did you try to do?
I have installed privacyidea v2.23.3 from the repo on an Ubuntu 16 EC2 instance.
I want to test my configuration so I have installed
After that I was able to successfully run
What outcome did you expect?
I also thought that I would now be able to log in only with my private RSA key that matches the public key uploaded to the privacyidea server.
What outcome did you experience?
Instead I was able to log in with any private RSA key.
Turn on debug level and take a look at the privacyidea.log!
I think there might be a misunderstanding with the ssh server here.
You did right, when running the command
this command would be triggered by the sshd during a login attempt. ubuntu is the login name of the user who is currently trying to log in. If this command only returns the single SSH key, the ssh daemon will also only trust this single SSH key as far as privacyIDEA is concerned. All ssh keys that are returned by this command will be allowed for login.
But note: that the ssh server still checks the
You may also check the audit log in privacyIDEA for the calls to
One last note, but I think you are aware of this: The
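Added example (not part of the thread and not privacyIDEA code): one way to check the statement above that only keys returned by the command are trusted as far as privacyIDEA is concerned. It fingerprints every key in the command's output and tests whether an offered public key is among them, assuming the output uses the authorized_keys line format; the key blobs and function names are constructed for illustration.

```python
import base64
import binascii
import hashlib
import struct

def parse_key_line(line):
    """Return (key_type, blob) from one authorized_keys-format line, else None."""
    if line.lstrip().startswith("#"):
        return None
    tokens = line.split()
    # Options may precede the key type and contain quoted spaces, so look for
    # a token followed by a base64 blob that embeds that same key type.
    for i in range(len(tokens) - 1):
        try:
            blob = base64.b64decode(tokens[i + 1], validate=True)
        except (binascii.Error, ValueError):
            continue
        if len(blob) < 4:
            continue
        (n,) = struct.unpack(">I", blob[:4])
        if blob[4:4 + n] == tokens[i].encode():
            return tokens[i], blob
    return None

def fingerprint(blob):
    """SHA256 fingerprint in the form OpenSSH prints (base64, no padding)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def accepted_fingerprints(command_output):
    """Fingerprints of all keys the key-lookup command returned."""
    parsed = (parse_key_line(l) for l in command_output.splitlines())
    return {fingerprint(p[1]) for p in parsed if p}

def is_accepted(pubkey_line, command_output):
    parsed = parse_key_line(pubkey_line)
    return bool(parsed) and fingerprint(parsed[1]) in accepted_fingerprints(command_output)

def _constructed_key(payload):
    # Constructed placeholder blob: length-prefixed type plus dummy bytes.
    blob = struct.pack(">I", 7) + b"ssh-rsa" + payload
    return "ssh-rsa " + base64.b64encode(blob).decode()

ENROLLED = _constructed_key(b"constructed-key-A") + " ubuntu@example"
OTHER = _constructed_key(b"constructed-key-B") + " someone@example"
# Constructed command output: a comment line and one key with options.
SAMPLE_OUTPUT = '# keys for ubuntu\ncommand="echo hi",no-pty ' + ENROLLED + "\n"

if __name__ == "__main__":
    print(is_accepted(ENROLLED, SAMPLE_OUTPUT), is_accepted(OTHER, SAMPLE_OUTPUT))
```

If a login succeeds with a key whose fingerprint is not in this set, that key was accepted from some source other than the command's output.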
Thanks for the quick answer.
All calls to
Today I will try to test the RSA key check against an older version of the privacyidea server.
Yes, I am logging in as the ubuntu user with the command
So to sum up: you configured privacyidea in such a way that only the one correct pubkey is returned.
But you can log in with "other" private keys. Honestly, this really sounds a bit strange to me, as if you were missing something.
I recommend the following: