bgp / stayrtr

RPKI-To-Router server implementation in Go
BSD 3-Clause "New" or "Revised" License

Fixed SSH client key validation #71

Closed marenamat closed 1 year ago

marenamat commented 1 year ago

The `strings.HasPrefix()` call was used with flipped argument order, allowing incomplete rows in the `authorized_keys` file to be matched to any key matching that prefix. In the worst case, a line like

```
ecdsa-sha2-nistp256
```

with no key at all would match all keys of that type.

On the other hand, when the key was followed by a comment (or anything else), as is common in `authorized_keys` files, it wasn't matched at all.
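The two failure modes described in this pull request, reproduced as an added example that is not part of the pull request or of stayrtr's code. It assumes the presented client key is rendered as `<type> <base64>`; `flippedMatch`, `strictMatch` and the sample rows are hypothetical, and the key blob is a constructed placeholder.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample data: the base64 blob is a placeholder, not a real key.
// Assumption: the presented client key is rendered as "<type> <base64>".
const presented = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAI"

// Constructed authorized_keys rows covering the cases from the description.
var rows = []string{
	"ecdsa-sha2-nistp256",             // incomplete row, no key at all
	"ecdsa-sha2-nistp256 AAAAE2Vj",    // truncated key blob
	presented,                         // exact row
	presented + " rtr-client@example", // key followed by a comment
}

// flippedMatch reproduces the argument order described above: it asks whether
// the presented key starts with the file row, not the other way round.
func flippedMatch(row, key string) bool {
	return strings.HasPrefix(key, row)
}

// strictMatch (hypothetical) compares key type and blob field by field and
// ignores a trailing comment. Rows with leading options are not handled.
func strictMatch(row, key string) bool {
	r, k := strings.Fields(row), strings.Fields(key)
	if len(r) < 2 || len(k) < 2 {
		return false // an incomplete row or key never authorizes anything
	}
	return r[0] == k[0] && r[1] == k[1]
}

func main() {
	for _, row := range rows {
		fmt.Printf("%-80q flipped=%-5v strict=%v\n",
			row, flippedMatch(row, presented), strictMatch(row, presented))
	}
}
```

The same rows make a compact regression test for any key-matching routine: the first two must be rejected and the last two accepted.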