bugzilla-daemon at bugzilla.mindrot.org
2011-Feb-04  13:28 UTC
[Bug 1853] New: sshd doesn't seem to be able to auth a user using an rsa key of 20000 bit
https://bugzilla.mindrot.org/show_bug.cgi?id=1853
           Summary: sshd doesn't seem to be able to auth a user using an
                    rsa key of 20000 bit
           Product: Portable OpenSSH
           Version: 5.7p1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sshd
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: db.pub.mail at gmail.com
sshd doesn't seem to be able to auth a user using an rsa key of 20000
bit.
1. I generated an ssh rsa key like this:
    ssh-keygen  -t rsa -b 20000
2. I placed the public key into another users authorized_keys file
3. I tried to ssh that user.
What happens: 
   4. "Feb  4 23:35:50 ABOX sshd[17138]: error: RSA_public_decrypt failed: error:04067069:lib(4):func(103):reason(105)"
What should happen:
   4. Accepted publickey for .... 
------
Use cases:
1. having an ssh key over 9000. "00:18 < Kenny> Yes, so will I, for
security-measures based on DragonBall Z memes. ;)"
-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2011-Feb-04  17:38 UTC
[Bug 1853] sshd doesn't seem to be able to auth a user using an rsa key of 20000 bit
https://bugzilla.mindrot.org/show_bug.cgi?id=1853
Tomas Mraz <t8m at centrum.cz> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |t8m at centrum.cz
--- Comment #1 from Tomas Mraz <t8m at centrum.cz> 2011-02-05 04:38:37 EST
---
This is not blocked in ssh but in OpenSSL. RSA keys larger than 16384
bits are disallowed in it because of potential CPU resource overusage
(effective DoS) on servers.
bugzilla-daemon at bugzilla.mindrot.org
2011-Feb-05  00:44 UTC
[Bug 1853] sshd doesn't seem to be able to auth a user using an rsa key of 20000 bit
https://bugzilla.mindrot.org/show_bug.cgi?id=1853
--- Comment #2 from daveb <db.pub.mail at gmail.com> 2011-02-05 11:44:44 EST
---
(In reply to comment #1)
> This is not blocked in ssh but in OpenSSL. RSA keys larger than 16384
> bits are disallowed in it because of potential CPU resource overusage
> (effective DoS) on servers.
Oh ok, that's interesting. I didn't know that. I couldn't find a size
limitation anywhere (other than ssh-keygen when generating a cert).
bugzilla-daemon at bugzilla.mindrot.org
2011-Feb-06  02:50 UTC
[Bug 1853] sshd doesn't seem to be able to auth a user using an rsa key of 20000 bit
https://bugzilla.mindrot.org/show_bug.cgi?id=1853
Darren Tucker <dtucker at zip.com.au> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at zip.com.au
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID
--- Comment #3 from Darren Tucker <dtucker at zip.com.au> 2011-02-06
13:50:53 EST ---
The limitation is in OpenSSL's rsa.h (probably
/usr/include/openssl/rsa.h or similar):
$ grep "define.*RSA_MAX" /usr/include/openssl/rsa.h 
# define OPENSSL_RSA_MAX_MODULUS_BITS    16384
# define OPENSSL_RSA_MAX_PUBEXP_BITS    64 /* exponent limit enforced for "large" modulus only */
If you want bigger keys, you'll need to change that and recompile
OpenSSL then rebuild OpenSSH against it.
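The OpenSSL limits quoted in comment #3 are applied to the key's public components before RSA_public_decrypt does any arithmetic, so an administrator can find authorized_keys entries that sshd will reject without waiting for a login to fail. The script below is an added example, not code from this bug report, from OpenSSH or from OpenSSL: it parses the `ssh-rsa` wire blob (RFC 4251 string and mpints) from an authorized_keys line, then applies the same three checks, in the same order, that the OpenSSL 1.0.x RSA public-decrypt path performs. The 16384-bit modulus cap and 64-bit exponent cap are the values grepped out of rsa.h above; `OPENSSL_RSA_SMALL_MODULUS_BITS = 3072`, which defines what counts as a "large" modulus for the exponent check, comes from the same header but is not quoted in the thread. The sample moduli are constructed odd integers of the wanted size, not products of two primes, because the size checks only look at bit lengths.

```python
#!/usr/bin/env python3
"""Audit authorized_keys RSA entries against the OpenSSL limits quoted in bug 1853.

Added example, not code from the bug report, OpenSSH or OpenSSL. Thresholds are
the OpenSSL 1.0.x rsa.h values; the check order mirrors rsa_eay.c's public-decrypt
path. Sample moduli are constructed integers of the right size, not real keys.
"""
import base64
import struct

OPENSSL_RSA_MAX_MODULUS_BITS = 16384   # above this: RSA_R_MODULUS_TOO_LARGE
OPENSSL_RSA_MAX_PUBEXP_BITS = 64       # exponent limit, "large" modulus only
OPENSSL_RSA_SMALL_MODULUS_BITS = 3072  # modulus above this counts as "large"


def _mpint(n: int) -> bytes:
    """SSH mpint (RFC 4251): length prefix, big-endian magnitude, 0x00 pad if high bit set."""
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    if body and body[0] & 0x80:
        body = b"\x00" + body
    return struct.pack(">I", len(body)) + body


def _string(s: bytes) -> bytes:
    """SSH string: length prefix plus raw bytes."""
    return struct.pack(">I", len(s)) + s


def encode_ssh_rsa(e: int, n: int, comment: str = "constructed") -> str:
    """authorized_keys line: 'ssh-rsa <base64(string "ssh-rsa", mpint e, mpint n)> comment'."""
    blob = _string(b"ssh-rsa") + _mpint(e) + _mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment


def parse_ssh_rsa(line: str):
    """Return (e, n) from an authorized_keys line; ValueError for anything not ssh-rsa."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa key line")
    blob = base64.b64decode(fields[1])
    parts, pos = [], 0
    while pos + 4 <= len(blob):
        (length,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        parts.append(blob[pos:pos + length])
        pos += length
    if pos != len(blob) or len(parts) != 3 or parts[0] != b"ssh-rsa":
        raise ValueError("malformed ssh-rsa blob")
    return int.from_bytes(parts[1], "big"), int.from_bytes(parts[2], "big")


def openssl_rsa_check(e: int, n: int) -> str:
    """Mirror the pre-flight checks of OpenSSL's RSA public decrypt: 'ok' or the RSA_R_* reason."""
    if n.bit_length() > OPENSSL_RSA_MAX_MODULUS_BITS:
        return "RSA_R_MODULUS_TOO_LARGE"        # the failure in the reporter's sshd log
    if n <= e:
        return "RSA_R_BAD_E_VALUE"
    if (n.bit_length() > OPENSSL_RSA_SMALL_MODULUS_BITS
            and e.bit_length() > OPENSSL_RSA_MAX_PUBEXP_BITS):
        return "RSA_R_BAD_E_VALUE"              # oversized exponent on a "large" modulus
    return "ok"


def audit_authorized_keys(text: str):
    """Return [(comment, modulus_bits, verdict)] for each ssh-rsa line; other lines are skipped."""
    results = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("ssh-rsa "):
            continue                            # comments, blank lines, other key types, option-prefixed lines
        e, n = parse_ssh_rsa(line)
        fields = line.split(maxsplit=2)
        comment = fields[2] if len(fields) > 2 else ""
        results.append((comment, n.bit_length(), openssl_rsa_check(e, n)))
    return results


def fake_modulus(bits: int) -> int:
    """Odd integer with exactly `bits` bits: a size stand-in for the checks, NOT a real RSA modulus."""
    return (1 << (bits - 1)) | 0x1234567


# Constructed sample file, one entry per case discussed in the thread.
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# constructed sample, not real keys",
    encode_ssh_rsa(65537, fake_modulus(2048), "ok-2048"),
    encode_ssh_rsa(65537, fake_modulus(16384), "ok-at-the-16384-limit"),
    encode_ssh_rsa(65537, fake_modulus(20000), "bug1853-20000"),
    encode_ssh_rsa((1 << 65) + 1, fake_modulus(4096), "66-bit-exponent-on-4096"),
])

if __name__ == "__main__":
    for comment, bits, verdict in audit_authorized_keys(SAMPLE_AUTHORIZED_KEYS):
        print(f"{comment:26s} {bits:6d} bits  {verdict}")
```

Run it against a real file with `audit_authorized_keys(open("~/.ssh/authorized_keys").read())`; entries carrying options (`from="..." ssh-rsa ...`) are skipped by the simple prefix test and would need the `ssh-rsa` token located first. Exactly 16384 bits still passes, since OpenSSL's test is strictly greater-than, and an exponent wider than 64 bits is only rejected once the modulus exceeds 3072 bits, which is what the "large modulus only" remark in rsa.h means. The `error:04067069:...:reason(105)` string from the report can be decoded on the affected box with `openssl errstr 04067069`.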
bugzilla-daemon at bugzilla.mindrot.org
2011-Sep-06  05:32 UTC
[Bug 1853] sshd doesn't seem to be able to auth a user using an rsa key of 20000 bit
https://bugzilla.mindrot.org/show_bug.cgi?id=1853
Damien Miller <djm at mindrot.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED
--- Comment #4 from Damien Miller <djm at mindrot.org> 2011-09-06 15:32:46
EST ---
close resolved bugs now that openssh-5.9 has been released