Can I disable duplicate public key check from dropbear client?
M Rubon
rubonmtz at gmail.com
Fri Feb 21 03:14:00 AWST 2020
When I use dropbear client, it causes a duplicate public key check on
the openssh server. Is there any way of preventing this separate
[preauth] check from happening? For my application it is very
useful to have the authentication attempted just once.
A StackExchange comment (dave_thompson_085 on
https://superuser.com/q/1116927 ) to a different SSH question notes
that
> The [preauth] on those log lines and the Postponed result (both) mean
> the client sent authreq with method=publickey and boolean=FALSE to "query"
> whether the pubkey "would be acceptable" (see rfc4252 section 7).
This matches what I see in the OpenSSH logs below.
I checked and do not see this [preauth] when I do the same connection
from an OpenSSH client.
Mike
I am connecting from my router using dropbear. The command I use is
ssh -i .ssh/id_rsa fast at cat
On the OpenSSH server I see:
Feb 19 15:41:09 cat sshd[17906]: Accepted key RSA
SHA256:iJN19jufdHFey0pwLK70PqgV3rgT99iQaWVmY7M8qZ0 found at
/home/fast/.ssh/authorized_keys:16
Feb 19 15:41:09 cat sshd[17906]: Postponed publickey for fast from
45.78.113.202 port 48930 ssh2 [preauth]
Feb 19 15:41:09 cat sshd[17906]: Accepted key RSA
SHA256:iJN19jufdHFey0pwLK70PqgV3rgT99iQaWVmY7M8qZ0 found at
/home/fast/.ssh/authorized_keys:16
Feb 19 15:41:09 cat sshd[17906]: Accepted publickey for fast from
45.78.113.202 port 48930 ssh2: RSA
SHA256:iJN19jufdHFey0pwLK70PqgV3rgT99iQaWVmY7M8qZ0
Feb 19 15:41:09 cat sshd[17906]: pam_unix(sshd:session): session
opened for user fast by (uid=0)
More information about the Dropbear
mailing list