OpenSSH auth broken

Over the weekend openssh was updated from 7.6p1-lp150.7.4 to 7.6p1-lp150.8.3.1 and I am now unable to ssh to any client using certificate authentication. I can ssh into my localhost or other hosts not requiring a certificate. Downgrading back to the previous version fixes the issue, and have locked it to that version for now. Does anyone know what is going on with this, or does anyone have any solutions (other than downgrading)?

Last few lines in debug output, with the last line continuously repeating:

debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password

I am not noticing any issues here.

What kind of key are you using?

A while ago, the openssh developers marked DSA keys as deprecated. And later, they removed support. I don’t know if that change has reached Leap 15.0, but it has reached Tumbleweed.

I am authenticating without problems using RSA keys.

I think you might be talking about x.509 style certificates signed by a CA. I have no experience using ssh with those. So maybe my reply above is not relevant to your problem.

OK, found the issue. In my ssh_config file, I had GSSAPIAuthentication enabled, but we don’t use any Kerberos authentication so was not needed. For some reason in the previous version of OpenSSH this didn’t impact the connections, but stopped working in the new. Setting this to no has fixed the issue.

I’m glad you have solved your problem. And thanks for reporting back.