Description of problem:
ssh with hostbased auth fails after changing group ID ( with newgrp, etc. )
although hostbased auth normally is accepted.
and ssh reports "setresgid XXXX: Operation not permitted".

Version-Release number of selected component (if applicable):
openssh-clients-7.4p1-11.el7.x86_64

How reproducible:
run ssh with both HostBasedAuthentication and EnableSSHKeysign enabled, after changing the group ID to one of the supplementary groups.

Steps to Reproduce:
1. run "newgrp" with one of the supplementary groups as its argument
2. under the newgrp'ed session, run ssh with hostbased auth enabled

Actual results:

Expected results:

Additional info:
comparing output;
– normal –
user1$ getent passwd user1
user1:x:1001:1001::/home/user1:/bin/bash
user1$ id
uid=1001(user1) gid=1001(group1) groups=1001(group1),1002(group2)
user1$ ssh -v -o HostbasedAuthentication=yes -o PubkeyAuthentication=no host1 hostname
...
debug1: userauth_hostbased: trying hostkey ...
debug1: permanently_drop_suid: 1001
debug1: Authentication succeeded (hostbased).
...
host1
Transferred: ...
Bytes per second: ...
debug1: Exit status 0

– chgrp'ed –
user1$ getent passwd user1
user1:x:1001:1001::/home/user1:/bin/bash
user1$ newgrp group2
user1$ id
uid=1001(user1) gid=1002(group2) groups=1002(group2),1001(group1)
user1$ ssh -v -o HostbasedAuthentication=yes -o PubkeyAuthentication=no host1 hostname
...
debug1: userauth_hostbased: trying hostkey ...
debug1: permanently_drop_suid: 1001
setresgid 1001: Operation not permitted
ssh_keysign: no reply
sign using hostkey ... failed
Permission denied (publickey,hostbased).