The behaviour of the server::Handler::auth_publickey method has been changed.
Previously, this method was called before the public key's signature was verified and if you didn't pay attention to the documentation, your application might interpret this call as a successful public key authentication. In reality, it's only meant to decide whether to accept the public key offer from the client or not.
Now, the method is called after the signature is verified and the return value is used to decide whether to accept the authentication or not.
The old method has been renamed to auth_publickey_offer and will accept all offers by default.
If you have not relied on the incorrect interpretation of the auth_publickey method, no action is needed.
If you explicitly want to control whether public key offers are accepted or not, additionally implement auth_publickey_offer.
N.B.: In OpenSSH, the difference in user experience between rejecting a public key offer and rejecting a public key authentication is whether the key passphrase prompt has been shown.
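The two stages described above, as an added std-only Rust model that is not russh's own code: the hook names follow this note, while Reply, Request, process and App are hypothetical, and the boolean inside signature stands in for real signature verification.

```rust
// Model of server-side SSH "publickey" auth. Names mirror the page's hooks,
// but this is a std-only sketch, not russh's actual trait or signatures.
#[derive(Debug, PartialEq, Clone, Copy)]
pub enum Reply { PkOk, Success, Failure }

// `signature: None` is a bare key offer. `Some(valid)` stands in for the
// result of real signature verification (assumption for this example).
pub struct Request<'a> { pub user: &'a str, pub key: &'a str, pub signature: Option<bool> }

pub trait Handler {
    // Offer stage: nothing is proven yet. Accepts every offer by default.
    fn auth_publickey_offer(&mut self, _user: &str, _key: &str) -> bool { true }
    // Reached only after the signature has verified.
    fn auth_publickey(&mut self, user: &str, key: &str) -> bool;
}

pub fn process<H: Handler>(h: &mut H, r: &Request) -> Reply {
    match r.signature {
        None if h.auth_publickey_offer(r.user, r.key) => Reply::PkOk,
        Some(true) if h.auth_publickey(r.user, r.key) => Reply::Success,
        _ => Reply::Failure, // rejected offer, bad signature, or denied key
    }
}

pub struct App { pub authorized: Vec<(&'static str, &'static str)>, pub logged_in: Vec<String> }
impl App {
    fn knows(&self, user: &str, key: &str) -> bool {
        self.authorized.iter().any(|(u, k)| *u == user && *k == key)
    }
}

impl Handler for App {
    // Filter unknown keys early, but grant nothing here.
    fn auth_publickey_offer(&mut self, user: &str, key: &str) -> bool { self.knows(user, key) }
    // Session state changes only once possession of the key is proven.
    fn auth_publickey(&mut self, user: &str, key: &str) -> bool {
        let ok = self.knows(user, key);
        if ok { self.logged_in.push(user.to_string()); }
        ok
    }
}

fn main() {
    let mut app = App { authorized: vec![("alice", "key-A")], logged_in: vec![] }; // constructed data
    let offer = Request { user: "alice", key: "key-A", signature: None };
    let forged = Request { user: "alice", key: "key-A", signature: Some(false) };
    let signed = Request { user: "alice", key: "key-A", signature: Some(true) };
    for r in [&offer, &forged, &signed] { println!("{:?}", process(&mut app, r)); }
}
```

An application that recorded the login inside auth_publickey_offer would mark alice as logged in on the first request, before any signature was presented.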