After installing openssh 7.8p1 from the network repo, logging in via ssh fails when using pubkeys.

(I did not check if logging in with a password is also affected.)

Running 

sshd -Ddd

shows this error message

mm_answer_keyverify: buffer error: incomplete message

A quick search for "mm_answer_keyverify" inside the patches applied to the package shows "openssh-7.7p1-audit.patch" to contain changes to that function.

As the patch states 

"Extended auditing through the Linux Auditing subsystem
RH patch from git://pkgs.fedoraproject.org/openssh.git"

it was based on the respective patch from RedHat, I took a look at the respective patch from RH/Fedora and found the following discrepancy:

openSUSE:

@@ -1375,6 +1393,7 @@ mm_answer_keyverify(int sock, struct ssh
        char *sigalg;
        size_t signaturelen, datalen, bloblen;
        int r, ret, valid_data = 0, encoded_ret;
+       int type = 0;
 
        if ((r = sshbuf_get_string(m, &blob, &bloblen)) != 0 ||
            (r = sshbuf_get_string(m, &signature, &signaturelen)) != 0 ||

Fedora 28:

@@ -1396,8 +1413,10 @@ mm_answer_keyverify(int sock, struct ssh
 	char *sigalg;
 	size_t signaturelen, datalen, bloblen;
 	int r, ret, valid_data = 0, encoded_ret;
+	int type = 0;
 
-	if ((r = sshbuf_get_string(m, &blob, &bloblen)) != 0 ||
+	if ((r = sshbuf_get_u32(m, &type)) != 0 ||
+	    (r = sshbuf_get_string(m, &blob, &bloblen)) != 0 ||
 	    (r = sshbuf_get_string(m, &signature, &signaturelen)) != 0 ||
 	    (r = sshbuf_get_string(m, &data, &datalen)) != 0 ||
 	    (r = sshbuf_get_cstring(m, &sigalg, NULL)) != 0)

After adding this extra change


-	if ((r = sshbuf_get_string(m, &blob, &bloblen)) != 0 ||
+	if ((r = sshbuf_get_u32(m, &type)) != 0 ||
+	    (r = sshbuf_get_string(m, &blob, &bloblen)) != 0 ||
 	    (r = sshbuf_get_string(m, &signature, &signaturelen)) != 0 ||
 	    (r = sshbuf_get_string(m, &data, &datalen)) != 0 ||
 	    (r = sshbuf_get_cstring(m, &sigalg, NULL)) != 0)

to monitor.c in the audit.patch, openssh works as expected.

Greetings,

AK