I have been told this works, so I assume I am the only one affected by this error. For me and apparently only me, 12.1 will not accept a key on ssh login. So no need to fix the man page but I thought I would document these system as the sole anomaly. Calling system: uname -a FreeBSD artemis.boltsys.com 11.3-RELEASE-p5 FreeBSD 11.3-RELEASE-p5 #0: Tue Nov 12 08:59:04 UTC 2019 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64 ls .ssh/ ./ id_rsa id_rsa3 ../ id_rsa.pub id_rsa3.pub authorized_keys2 id_rsa2 known_hosts config id_rsa2.pub oldkeys/ Called system: uname -a FreeBSD freeport.boltsys.com 12.1-RELEASE-p8 FreeBSD 12.1-RELEASE-p8 GENERIC amd64 ls .ssh ./ config known_hosts ../ id_rsa authorized_keys2 id_rsa.pub ====================== On artemis: ssh freeport Password for doug@freeport.boltsys.com: =============== freeport:~> mv .ssh/authorized_keys2 .ssh/authorized_keys freeport:~> ls .ssh/ ./ config known_hosts ../ id_rsa authorized_keys id_rsa.pub ========================= and back to artemis artemis:~> ssh freeport X11 forwarding request failed on channel 0 Last login: Wed Aug 26 00:44:55 2020 from 192.168.2.102 FreeBSD 12.1-RELEASE-p8 GENERIC Welcome to FreeBSD! Release Notes, Errata: https://www.FreeBSD.org/releases/ Security Advisories: https://www.FreeBSD.org/security/ FreeBSD Handbook: https://www.FreeBSD.org/handbook/ FreeBSD FAQ: https://www.FreeBSD.org/faq/ Questions List: https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/ FreeBSD Forums: https://forums.FreeBSD.org/ Documents installed with the system are in the /usr/local/share/doc/freebsd/ directory, or can be installed later with: pkg install en-freebsd-doc For other languages, replace "en" with a language code like de or fr. Show the version of FreeBSD installed: freebsd-version ; uname -a Please include that output and any error messages when posting questions. Introduction to manual pages: man man FreeBSD directory layout: man hier Edit /etc/motd to change this login announcement. If you'd like to keep track of applications in the FreeBSD ports tree, take a look at FreshPorts; https://www.freshports.org/ But since I am obviously making this up, you can close this one also
Hi, I'm sorry for closing PR 248439 abruptly - I should have waited longer for feedback. Per that PR, the default sshd in 12.1 configuration will ignore authorized_keys2. 12.1 sets "AuthorizedKeysFile .ssh/authorized_keys" in /etc/ssh/sshd_config, i.e., it overrides OpenSSH's default. This seems to match the behaviour you are describing. Are you using a non-default configuration?
As far as I can tell your example functions as expected: you cannot connect with keys in .ssh/authorized_keys2, and can with keys in .ssh/authorized_keys. Again, from sshd(8): > AuthorizedKeysFile specifies the files containing public keys for public > key authentication; if this option is not specified, the default is > ~/.ssh/authorized_keys and ~/.ssh/authorized_keys2. But the option *is* specified in the default /etc/sshd_config file: # The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 # but this is overridden so installations will only check .ssh/authorized_keys AuthorizedKeysFile .ssh/authorized_keys If have no AuthorizedKeysFile setting in your sshd configuration the compiled-in default is ~/.ssh/authorized_keys and ~/.ssh/authorized_keys2. If you *do* have an AuthorizedKeysFile in your sshd configuration (/etc/ssh/sshd_config) that takes precedence over the default compiled into sshd.
Closing as no feedback was received in response to comment #1.