Dear Gentlemen: a couple of months ago we ported OpenSSH 2.3 to an IBM OS/390 Mainframe machine: It ran very well until we tried to connect to an SSH server using SSH2 protocol. On the OS/390 (which is the client) it comes up with the following error messages:>ssh -v -2 somehost. . . debug: bits set: 504/1024 debug: len 55 datafellows 0 debug: dsa_verify: signature incorrect dsa_verify failed for server_host_key debug: Calling cleanup 0x1cf36d18(0x0) and it ends. I also tried a different key : -c "blowfish-cbc" but the problem remains the same. Can anybody help ?? Gruss/ regards Michael Mai Deutsche Bank PCAM-GT CTO Platform Mainframe MVS Applications Application Enabling Technology email: michael.mai at db.com -- Diese E-Mail enth?lt vertrauliche und/oder rechtlich gesch?tzte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrt?mlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
On Mon, Nov 05, 2001 at 04:23:36PM +0100, Michael Mai wrote:> debug: bits set: 504/1024 > debug: len 55 datafellows 0 > debug: dsa_verify: signature incorrect > dsa_verify failed for server_host_key > debug: Calling cleanup 0x1cf36d18(0x0)does openssl work on this machine? e.g. openssl speed dsa ? -m
Hi, I recompiled and installed openssl. The libcrypto.a library has been rebuilt, but the problem remains unchanged: On Mon, Nov 05, 2001 at 04:23:36PM +0100, Michael Mai wrote:> debug: bits set: 504/1024 > debug: len 55 datafellows 0 > debug: dsa_verify: signature incorrect > dsa_verify failed for server_host_key > debug: Calling cleanup 0x1cf36d18(0x0)does openssl work on this machine? e.g. openssl speed dsa ? -m openssl does work now:>openssl speed dsaDoing 512 bit sign dsa's for 10s: 61 512 bit DSA signs in 3.45s Doing 512 bit verify dsa's for 10s: 57 512 bit DSA verify in 3.90s Doing 1024 bit sign dsa's for 10s: 18 1024 bit DSA signs in 3.62s Doing 1024 bit verify dsa's for 10s: 21 1024 bit DSA verify in 4.99s OpenSSL 0.9.6 24 Sep 2000 built on: Wed Nov 7 13:46:04 MEZ 2001 options:bn(32,32) md2(char) rc4(idx,char) des(ptr,cisc,16,long) idea(int) blowfi sh(ptr) compiler: c89 -g -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYSPARAM_H -D_ALL_SOURCE sign verify sign/s verify/s dsa 512 bits 0.0566s 0.0684s 17.7 14.6 dsa 1024 bits 0.2011s 0.2376s 5.0 4.2 but I still get the dsa_verify: signature incorrect message. Could you help again ?? Gruss/ regards Michael Mai email: michael.mai at db.com -- Diese E-Mail enth?lt vertrauliche und/oder rechtlich gesch?tzte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrt?mlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
First of all my congratulations for the successful development of OpenSSH 3.0 . I am still working with OpenSSH 2.3.0p1which we ported to an IBM OS/390 mainframe system. I recompiled and reinstalled OpenSSL but to no avail. Now I activated DEBUG_DSS and saw, that pub, P, Q look equal on ASCII systems and our EBCDIC system, but g looks different on our OS/390 system. Am I right to assume that g is part of the counterpart's sent public key, and if it does not match the remainder of the public key, the message "signature incorrect" may appear ?? Thank you in advance. Gruss/ regards Michael Mai Deutsche Bank PCAM-GT CTO Platform Mainframe MVS Applications Application Enabling Technology Alfred-Herrhausen-Allee 16-24 65760 Eschborn Phone: 069-910-66511 Fax: 069-910-65533 email: michael.mai at db.com -- Diese E-Mail enth?lt vertrauliche und/oder rechtlich gesch?tzte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrt?mlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.