bugzilla-daemon at mindrot.org
2003-Jun-13 20:56 UTC
[Bug 592] "Bad decrypted len" error in OpenSSH using smart-card stored public-key
http://bugzilla.mindrot.org/show_bug.cgi?id=592 Summary: "Bad decrypted len" error in OpenSSH using smart-card stored public-key Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: sth at hq.bsbg.net I think lines between 250-252 in file ssh-rsa.c in OpenSSH source code should be commented! REASON: Using "SecureNetTerm Client" ( http://www.securenetterm.com/ ) with "SecureKeyAgent" ver. 5.4.2.4 ( same situation: Putty + SecureKeyAgent ) to connect to OpenSSH server "OpenSSH ver. 3.6.1" using public key from Smart Card certificate causes the following errors in "/var/log/auth/errors": . . . sshd[1224] error: bad decrypted len: 36 != 20 + 15 sshd[1227] error: bad decrypted len: 36 != 20 + 15 . . . I sent a letter about this to SecureNetTerm and here is the answer: OpenSSH 3.6.1 is a little braindead when it comes to proper operation of Certificates. All you have to do is edit the OpenSSL file ssh-rsa.c and comment out lines 250-252. This is a redundant length check that is not technically correct. The OpenSSH team is aware of the problem but don't care since they have no idea how to use certificates. The length check is not redundant since the result might be too small for example ... I commented out lines 250-252 and problem disapeared. Please fix this issue because otherwise we could not use Smart-card certificates with OpenSSH server at all :( Best regards Stefan Hadjistoytchev ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Jun-16 10:35 UTC
[Bug 592] "Bad decrypted len" error in OpenSSH using smart-card stored public-key
http://bugzilla.mindrot.org/show_bug.cgi?id=592 markus at openbsd.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED ------- Additional Comments From markus at openbsd.org 2003-06-16 20:35 ------- fixed for the next release (replaced != with <) ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
Apparently Analagous Threads
- Problem/bug report for "bad decrypted len" error in OpenSSH
- Problem/bug report for "bad decrypted len" error in
- [Bug 592] "Bad decrypted len" error in OpenSSH using smart-card stored public-key
- Fw: Problem/bug report for "bad decrypted len" error in OpenSSH
- encrypt incoming emails with public gpg key before they are stored to maildir