http://bugzilla.mindrot.org/show_bug.cgi?id=592
Summary: "Bad decrypted len" error in OpenSSH using smart-card
stored public-key
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: major
Priority: P2
Component: sshd
AssignedTo: openssh-bugs@mindrot.org
ReportedBy: sth@hq.bsbg.net
I think lines between 250-252 in file ssh-rsa.c in OpenSSH source code should
be commented!
REASON:
Using "SecureNetTerm Client" ( http://www.securenetterm.com/ ) with
"SecureKeyAgent" ver. 5.4.2.4 ( same situation: Putty + SecureKeyAgent ) to
connect to OpenSSH server "OpenSSH ver. 3.6.1" using public key from Smart
Card certificate causes the following errors in "/var/log/auth/errors":
. . .
sshd[1224] error: bad decrypted len: 36 != 20 + 15
sshd[1227] error: bad decrypted len: 36 != 20 + 15
. . .
I sent a letter about this to SecureNetTerm and here is the answer:
OpenSSH 3.6.1 is a little braindead when it comes to proper operation of
Certificates. All you have to do is edit the OpenSSL file ssh-rsa.c and
comment out lines 250-252. This is a redundant length check that is not
technically correct. The OpenSSH team is aware of the problem but don't care
since they have no idea how to use certificates.
The length check is not redundant since the result might be
too small for example ...
I commented out lines 250-252 and problem disapeared.
Please fix this issue because otherwise we could not use Smart-card
certificates with OpenSSH server at all :(
Best regards
Stefan Hadjistoytchev
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
Summary: "Bad decrypted len" error in OpenSSH using smart-card
stored public-key
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: major
Priority: P2
Component: sshd
AssignedTo: openssh-bugs@mindrot.org
ReportedBy: sth@hq.bsbg.net
I think lines between 250-252 in file ssh-rsa.c in OpenSSH source code should
be commented!
REASON:
Using "SecureNetTerm Client" ( http://www.securenetterm.com/ ) with
"SecureKeyAgent" ver. 5.4.2.4 ( same situation: Putty + SecureKeyAgent ) to
connect to OpenSSH server "OpenSSH ver. 3.6.1" using public key from Smart
Card certificate causes the following errors in "/var/log/auth/errors":
. . .
sshd[1224] error: bad decrypted len: 36 != 20 + 15
sshd[1227] error: bad decrypted len: 36 != 20 + 15
. . .
I sent a letter about this to SecureNetTerm and here is the answer:
OpenSSH 3.6.1 is a little braindead when it comes to proper operation of
Certificates. All you have to do is edit the OpenSSL file ssh-rsa.c and
comment out lines 250-252. This is a redundant length check that is not
technically correct. The OpenSSH team is aware of the problem but don't care
since they have no idea how to use certificates.
The length check is not redundant since the result might be
too small for example ...
I commented out lines 250-252 and problem disapeared.
Please fix this issue because otherwise we could not use Smart-card
certificates with OpenSSH server at all :(
Best regards
Stefan Hadjistoytchev
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.