[Bug 3279] UpdateHostKeys triggers "client_global_hostkeys_private_confirm: server gave bad signature for RSA key 0" error message
https://bugzilla.mindrot.org/show_bug.cgi?id=3279

--- Comment #15 from Damien Miller <djm@mindrot.org> ---
Any update on this?

--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

--- Comment #16 from Thomas Braun <thomas.braun@byte-physics.de> ---
Created attachment 3535
--> https://bugzilla.mindrot.org/attachment.cgi?id=3535&action=edit
debug output with latest patches

Sorry for taking so long to respond.

Attached is the output generated with `ssh.exe -vv git@gitlab.com -i
~/.ssh/github_ed255519 2> output-with-debug-info.txt`.


--- Comment #17 from Thomas Braun <thomas.braun@byte-physics.de> ---
I've applied both the "dump failed key and signature" and the "dump
failed key and signature" patches.


--- Comment #18 from Damien Miller <djm@mindrot.org> ---
The debugging contains a signature from the server, being (hex
encoded):

I retrieved gitlab.com's rsa key. It's:

ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9

With these, I hacked up a small program to load the key and run the
libcrypto RSA_public_decrypt() operation that fails in your case.

It worked for me and yielded a decrypted signature:

decrypted: len=35
0000: 30 21 30 09 06 05 2b 0e 03 02 1a 05 00 04 14 59 0!0...+........Y
0016: 90 c1 b8 16 fd f3 aa a4 d8 a6 3f 94 e0 21 03 c5 ..........?..!..
0032: e4 c2 c7

This is a structurally valid PKCS#1 1.5 rsa-sha1 padded hash.

So I think that something is wrong inside your libcrypto/OpenSSL.
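
Added example, not part of the original thread and not the test program attached in comment #22: a check that the decrypted block quoted above is a well-formed PKCS#1 v1.5 DigestInfo, also covering the SHA-256 and SHA-512 prefixes used by rsa-sha2-256 and rsa-sha2-512. The function names are hypothetical; the prefixes are the DER encodings listed in RFC 8017 section 9.2.

```python
import re

# DER DigestInfo prefixes (RFC 8017 section 9.2), keyed by SSH signature
# algorithm. The last prefix byte is the OCTET STRING length, i.e. the hash size.
DIGESTINFO_PREFIX = {
    "ssh-rsa": bytes.fromhex("3021300906052b0e03021a05000414"),  # SHA-1
    "rsa-sha2-256": bytes.fromhex("3031300d060960864801650304020105000420"),
    "rsa-sha2-512": bytes.fromhex("3051300d060960864801650304020305000440"),
}

# Dump as quoted in comment #18: decimal offset, hex bytes, ASCII column.
DUMP = """\
0000: 30 21 30 09 06 05 2b 0e 03 02 1a 05 00 04 14 59 0!0...+........Y
0016: 90 c1 b8 16 fd f3 aa a4 d8 a6 3f 94 e0 21 03 c5 ..........?..!..
0032: e4 c2 c7
"""


def parse_dump(text):
    """Rebuild the raw bytes from the dump, checking each line's offset."""
    out = bytearray()
    for line in text.splitlines():
        if not line.strip():
            continue
        offset, _, rest = line.partition(":")
        if int(offset) != len(out):
            raise ValueError(f"offset {offset} does not follow {len(out)} bytes")
        for tok in rest.split()[:16]:  # at most 16 bytes per line
            if not re.fullmatch(r"[0-9a-fA-F]{2}", tok):
                break  # reached the ASCII column
            out.append(int(tok, 16))
    return bytes(out)


def classify_digestinfo(blob):
    """Return (algorithm, digest) for a well-formed DigestInfo, else None."""
    for alg, prefix in DIGESTINFO_PREFIX.items():
        # Exact length match: known prefix plus the hash size it announces.
        if len(blob) == len(prefix) + prefix[-1] and blob.startswith(prefix):
            return alg, blob[len(prefix):]
    return None


if __name__ == "__main__":
    alg, digest = classify_digestinfo(parse_dump(DUMP))
    print(alg, digest.hex())
```

A structural match only shows that the RSA operation produced sensible output; verifying the signature additionally requires comparing the extracted digest with the hash of the signed data, which is not included in the thread.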


Darren Tucker <dtucker@dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker@dtucker.net

--- Comment #19 from Darren Tucker <dtucker@dtucker.net> ---
(In reply to Damien Miller from comment #18)
[...]
> So I think that something is wrong inside your libcrypto/OpenSSL

If you built your own libcrypto, try running its self-tests (OpenSSL:
"make test", LibreSSL: "make check") and see if those pass.


--- Comment #20 from Thomas Braun <thomas.braun@byte-physics.de> ---
Created attachment 3536
--> https://bugzilla.mindrot.org/attachment.cgi?id=3536&action=edit
openssl test result

Thanks both.

I just rebuilt openssl and ran its tests and all pass.

Just out of curiosity:
Why is the error I'm seeing only present when "UpdateHostKeys" is
turned on? And why does the decryption error not influence my ability
to connect to the server?


--- Comment #21 from Thomas Braun <thomas.braun@byte-physics.de> ---
@Damien Can you post your small program so that I can run it here as
well?


--- Comment #22 from Damien Miller <djm@mindrot.org> ---
Created attachment 3537
--> https://bugzilla.mindrot.org/attachment.cgi?id=3537&action=edit
test "program"

This is what I used, I basically hacked it into ssh-keygen.c. It's the
opposite of pretty :)

You'll also need to repack the dumped signature into base64 and paste
it into the sshbuf_b64tod() call. I used something like:

$ python3
>>> h='484a9f2d24757...' # Line from RSA_public_decrypt: sig=...
>>> import base64
>>> b=base64.b16decode(h, True)
>>> base64.b64encode(b)
b'SEqfLSR1dS...'

As to why ssh works while this particular operation is failing while
your ssh connection remains successful - it's probably because you're
not using RSA for the regular key exchange signature, but Ed25519:

debug1: kex: host key algorithm: ssh-ed25519


If you try something like:

for x in rsa-sha2-512 rsa-sha2-256 ssh-rsa ; do ssh \
    -oHostkeyAlgorithms=$x -oStrictHostkeyChecking=no \
    -oUserKnownHostsFile=/tmp/gitlab git@gitlab.com ; done

Then you can exercise RSA (across its variants) in the signature path
too.


Damien Miller <djm@mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3522|0                           |1
        is obsolete|                            |

--- Comment #23 from Damien Miller <djm@mindrot.org> ---
Created attachment 3538
--> https://bugzilla.mindrot.org/attachment.cgi?id=3538&action=edit
Better RSA verification debugging

Actually, instead of messing around with python please replace the
previous debugging diff with this one. It dumps the key in usable
format and the signature blob in base64.
