Stefan Hadjistoytchev
2003-Jun-13 06:04 UTC
Problem/bug report for "bad decrypted len" error in OpenSSH
Hi!
I think lines between 250-252 in file ssh-rsa.c in OpenSSH source code
should be commented ! ! !
REASON:
Using "SecureNetTerm Client" ( http://www.securenetterm.com/ ) with
"SecureKeyAgent" ver. 5.4.2.4 ( Or same is with Putty + SecureKeyAgent
) to
connect to OpenSSH server "OpenSSH ver. 3.6.1" using public key from
Smart
Card certificate causes the following errors in
"/var/log/auth/errors":
.............
sshd[1224] error: bad decrypted len: 36 != 20 + 15
sshd[1227] error: bad decrypted len: 36 != 20 + 15
.............
I sent a letter about this to SecureNetTerm and here is the answer:
> OpenSSH 3.6.1 is a little braindead when it comes to proper operation of
Certificates.> All you have to do is edit the OpenSSL file ssh-rsa.c and comment out
lines 250-252.> This is a redundant length check that is not technically correct. The
OpenSSH team is> aware of the problem but don't care since they have no idea how to use
certificates.
Would You please comment on this or FIX this issue ?
Best regards
Stefan Hadjistoytchev
Markus Friedl
2003-Jun-13 07:54 UTC
Problem/bug report for "bad decrypted len" error in OpenSSH
no, we have no idea how to use certificates. i don't see a bugzilla bug for this, so how can we be aware? On Fri, Jun 13, 2003 at 09:04:01AM +0300, Stefan Hadjistoytchev wrote:> Hi! > I think lines between 250-252 in file ssh-rsa.c in OpenSSH source code > should be commented ! ! ! > > REASON: > Using "SecureNetTerm Client" ( http://www.securenetterm.com/ ) with > "SecureKeyAgent" ver. 5.4.2.4 ( Or same is with Putty + SecureKeyAgent ) to > connect to OpenSSH server "OpenSSH ver. 3.6.1" using public key from Smart > Card certificate causes the following errors in "/var/log/auth/errors": > ............. > sshd[1224] error: bad decrypted len: 36 != 20 + 15 > sshd[1227] error: bad decrypted len: 36 != 20 + 15 > ............. > > I sent a letter about this to SecureNetTerm and here is the answer: > > > OpenSSH 3.6.1 is a little braindead when it comes to proper operation of > Certificates. > > All you have to do is edit the OpenSSL file ssh-rsa.c and comment out > lines 250-252. > > This is a redundant length check that is not technically correct. The > OpenSSH team is > > aware of the problem but don't care since they have no idea how to use > certificates. > > Would You please comment on this or FIX this issue ? > > Best regards > Stefan Hadjistoytchev > > > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev at mindrot.org > http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
Markus Friedl
2003-Jun-13 08:06 UTC
Problem/bug report for "bad decrypted len" error in OpenSSH
On Fri, Jun 13, 2003 at 09:04:01AM +0300, Stefan Hadjistoytchev wrote:> Hi! > I think lines between 250-252 in file ssh-rsa.c in OpenSSH source code > should be commented ! ! ! > > REASON: > Using "SecureNetTerm Client" ( http://www.securenetterm.com/ ) with > "SecureKeyAgent" ver. 5.4.2.4 ( Or same is with Putty + SecureKeyAgent ) to > connect to OpenSSH server "OpenSSH ver. 3.6.1" using public key from Smart > Card certificate causes the following errors in "/var/log/auth/errors": > ............. > sshd[1224] error: bad decrypted len: 36 != 20 + 15 > sshd[1227] error: bad decrypted len: 36 != 20 + 15why is len != 35?
Damien Miller
2003-Jun-18 12:23 UTC
Problem/bug report for "bad decrypted len" error in OpenSSH
Stefan Hadjistoytchev wrote:> I think we should ask SecureNetTerm team at support at securenetterm.com ( > Ken ) > Would You please ask them because You could better and quicker clearify the > technical issue with them ?Yes, it would be good if we received proper bug reports from them rather than 2nd-hand snide comments in email. -d> Best regards > Stefan > > ----- Original Message ----- > From: "Markus Friedl" <markus at openbsd.org> > To: "Stefan Hadjistoytchev" <sth at hq.bsbg.net> > Cc: "Damien Miller" <djm at mindrot.org>; <openssh-unix-dev at mindrot.org> > Sent: Wednesday, June 18, 2003 12:37 PM > Subject: Re: Problem/bug report for "bad decrypted len" error in OpenSSH > > >> On Wed, Jun 18, 2003 at 09:35:35AM +0300, Stefan Hadjistoytchev wrote: >> > I received: >> > 00 >> > whats next ? >> >> it would be nice to know why the client sends this extra 0 byte. >> >> i think it should not. >> >>
Markus Friedl
2003-Jun-18 12:41 UTC
Problem/bug report for "bad decrypted len" error in OpenSSH
On Wed, Jun 18, 2003 at 03:08:12PM +0300, Stefan Hadjistoytchev wrote:> I think we should ask SecureNetTerm team at support at securenetterm.com ( > Ken ) > Would You please ask them because You could better and quicker clearify the > technical issue with them ?they should send a bugreport explaining where the extra 0x00 is from.
Maybe Matching Threads
- [Bug 592] "Bad decrypted len" error in OpenSSH using smart-card stored public-key
- Problem/bug report for "bad decrypted len" error in
- Fw: Problem/bug report for "bad decrypted len" error in OpenSSH
- [Bug 592] "Bad decrypted len" error in OpenSSH using smart-card stored public-key
- How to mail decrypted password to user?