cloudflare / gortr

The RPKI-to-Router server used at Cloudflare
https://rpki.cloudflare.com
BSD 3-Clause "New" or "Revised" License

SSH key based authentication allows arbitrary keys #30

Closed mroethke closed 5 years ago

mroethke commented 5 years ago

When using key based authentication with the ssh transport I can use arbitrary keys for client authentication to get access. I have not enabled key bypass.

I use the following parameters:

gortr -ssh.bind :8222 -ssh.key private.pem -ssh.method.key=true -ssh.auth.key.bypass=false

Log:

INFO[0000] Enabling ssh with the following authentications: password=false, key=true
INFO[0000] New update (110681 uniques, 110681 total prefixes). 0 bytes. Updating sha256 hash  -> f1c5bb18533dff9e834f3d3e57fe7cb12dcab61ac351c46fa637bb443ebbacb6
INFO[0000] Updated added, new serial 1
INFO[0002] Accepted ssh connection from [::1]:56562 (1/0)
INFO[0002] Connected (ssh-key): rpki/[::1]:56562 with key ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBO77IFY4o2cowu+4U0Sdq153N6X9baZu3MMX0W/TJYOfJzIxq07ZEhmOilyCj2XTE4ylLvk/7YG0G4BaFcQi9ec (matched with line 1)

The behavior is the same when explicitly providing an empty file with -ssh.auth.key.file /dev/null

If the authorized_keys file is not empty, unlisted keys will match on the last line + 1.

This was tested with the rtrclient from rtrlib/rtrlib using the command rtrclient ssh localhost 8222 rpki $private_key

Versions:
gortr: 0.11.4
rtrlib: current master (rtrlib/rtrlib@4828e6c04905408a0cc6f1ca22fab634e3037124)

lspgn commented 5 years ago

Managed to reproduce it. Problem comes from iterating the authorized keys: if no keys are found in the file (same format as .ssh/authorized_keys) it is actually matching everything. Will make a PR to avoid this.
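The failure mode discussed in this thread, as an added example that is not gortr's code: a key-matching loop that falls through when nothing matches, next to a fail-closed version. The function names, the simplified authorized_keys parsing (no options field) and the sample line are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"fmt"
	"strings"
)

// parseBlob returns the decoded key blob of one "<type> <base64> [comment]" line.
func parseBlob(line string) ([]byte, bool) {
	f := strings.Fields(line)
	if len(f) < 2 || strings.HasPrefix(f[0], "#") {
		return nil, false
	}
	blob, err := base64.StdEncoding.DecodeString(f[1])
	return blob, err == nil
}

// matchFailOpen shows the symptom from the report: when the loop runs out of
// lines, the final index is still reported as the matching line.
func matchFailOpen(lines []string, presented []byte) (int, bool) {
	i := 0
	for ; i < len(lines); i++ {
		if blob, ok := parseBlob(lines[i]); ok && bytes.Equal(blob, presented) {
			break
		}
	}
	return i + 1, true // BUG: "found" and "ran out of lines" are not distinguished
}

// matchFailClosed accepts only on an explicit match; an empty list rejects every key.
func matchFailClosed(lines []string, presented []byte) (int, bool) {
	for i, l := range lines {
		if blob, ok := parseBlob(l); ok && bytes.Equal(blob, presented) {
			return i + 1, true
		}
	}
	return 0, false
}

func main() {
	// Constructed sample line, not a real SSH key: "QUJD" decodes to "ABC".
	file := []string{"ssh-ed25519 QUJD rtr-client"}
	fmt.Println(matchFailOpen(nil, []byte("XYZ")))    // empty key list
	fmt.Println(matchFailOpen(file, []byte("XYZ")))   // unlisted key
	fmt.Println(matchFailClosed(file, []byte("XYZ"))) // unlisted key, rejected
}
```

A regression test for this class of bug should cover both an empty key file and a non-empty file with an unlisted key, the two cases reported above.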