I've just compiled and installed openssh-2.9.9p2 (compiled against openssl-0.9.6b using gcc-3.0.0) on a Slackware 7-based Linux machine (kernel 2.4.6ac2). The previously installed version was 2.9p2, compiled against openssl-0.9.6a, also with gcc-3.0.0, but with a different build of gcc-3.0.0.

Everything seems to work fine except for one problem: passphrase matching for ssh2 keys *always* fails. I've run ssh-add under gdb several times trying to see what's going wrong, so far without learning anything particularly enlightening.

Has anyone else encountered this problem? I have a possible theory that it's compiler-related, but I haven't been able to verify the theory yet. (My previous gcc-3.0.0 was compiled with gcc-2.95.3, while the current one was compiled with a gcc-3.0.1 installation that I subsequently backed out after discovering it wouldn't compile a kernel. Although I did a full 3-stage bootstrap when I rebuilt 3.0.0, I'm beginning to wonder whether I still somehow got a subtly bad build.)

-- 
 Linux Now! .........Because friends don't let friends use Microsoft.
 phil stracchino :: alaric at babcom.com :: halmayne at sourceforge.net
   unix ronin :::: renaissance man :::: mystic zen biker geek
     2000 CBR929RR, 1991 VFR750F3 (foully murdered), 1986 VF500F (sold)
On Thu, 27 Sep 2001, Phil Stracchino wrote:

> I've just compiled and installed openssh-2.9.9p2 (compiled against
> openssl-0.9.6b using gcc-3.0.0) on a Slackware 7-based Linux machine
> (kernel 2.4.6ac2). The previously installed version was 2.9p2, compiled
> against openssl-0.9.6a, also with gcc-3.0.0, but with a different build of
> gcc-3.0.0.
>
> Everything seems to work fine except for one problem: passphrase matching
> for ssh2 keys *always* fails. I've run ssh-add under gdb several times
> trying to see what's going wrong, so far without learning anything
> particularly enlightening.

Are you using ssh-askpass or entering the passphrase from a tty?

-d

-- 
| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org           /  distributed filesystem'' - Dan Geer
On Thu, Sep 27, 2001 at 02:26:14PM -0700, Phil Stracchino wrote:
> I've just compiled and installed openssh-2.9.9p2 (compiled against
> openssl-0.9.6b using gcc-3.0.0) on a Slackware 7-based Linux machine
> (kernel 2.4.6ac2). The previously installed version was 2.9p2, compiled
> against openssl-0.9.6a, also with gcc-3.0.0, but with a different build of
> gcc-3.0.0.
>
> Everything seems to work fine except for one problem: passphrase matching
> for ssh2 keys *always* fails. I've run ssh-add under gdb several times
> trying to see what's going wrong, so far without learning anything
> particularly enlightening.

I have finally managed to isolate this down to the following:

For SSH2 DSA and RSA keys, the OpenSSL PEM_read_PrivateKey() macro, called from authfile.c line 448:

    pk = PEM_read_PrivateKey(fp, NULL, NULL, (char *)passphrase);

is consistently failing and always returns NULL, whereas it should be returning an EVP_PKEY struct with pk->type containing either EVP_PKEY_RSA or EVP_PKEY_DSA. As far as I can see from the OpenSSL code, this means that BIO_new(BIO_s_file()) has to be returning NULL, but that's as far as I can figure it out; the internals of OpenSSL are utterly impenetrable to me.

Any suggestions, anyone? I think I've taken this problem about as far as I can diagnose it myself.

OpenSSL was configured using the following options:

    --prefix=/usr shared threads -D_REENTRANT

Recompiling with no-threads out of constructive paranoia made no difference.

OpenSSH was configured with:

    configure --prefix=/usr --with-tcp-wrappers --with-md5-passwords --with-ipv4-default --sysconfdir=/etc

The same key files are handled correctly on a Solaris 2.8 machine with the same OpenSSL and OpenSSH versions, configured identically except for no --with-md5-passwords because Solaris still doesn't support md5crypt. Bad Sun, bad. No donut.
On Fri, Sep 28, 2001 at 11:00:25AM -0700, Phil Stracchino wrote:
> On Fri, Sep 28, 2001 at 06:21:26PM +0100, Dr S N Henson wrote:
> > Read the bit in the FAQ about adding an ERR_print_errors_fp() call then
> > see what it says is the cause.

I tried using ERR_print_errors_fp() in the appropriate location and it reported nothing. I therefore took a slightly different tack. I changed the error detection code in key_load_private_pem() in authfile.c from this:

    pk = PEM_read_PrivateKey(fp, NULL, NULL, (char *)passphrase);
    if (pk == NULL) {
            debug("PEM_read_PrivateKey failed");
            (void)ERR_get_error();
    } else if (pk->type == EVP_PKEY_RSA &&
    ....

to this:

    pk = PEM_read_PrivateKey(fp, NULL, NULL, (char *)passphrase);
    if (pk == NULL) {
            error("PEM_read_PrivateKey failed");
            while (ERR_peek_error())
                    error("PEM error %ld: %s", ERR_peek_error(),
                        ERR_error_string(ERR_get_error(), NULL));
    } else if (pk->type == EVP_PKEY_RSA &&
    ....

Right up to the point at which that PEM_read_PrivateKey() call is executed, everything appears to be working perfectly. At the moment of making this call:

    filename is "/root/.ssh/id_dsa"
    passphrase contains the correct password
    fp is valid, and _IO_read_base points at the string:
        "-----BEGIN DSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n
        DEK-Info: DES-EDE3-CBC,<data....>"

The passphrase supplied is known to be correct, and successfully unlocks this keyfile on a Solaris 8 machine which is running the same version of both OpenSSH and OpenSSL. Nevertheless, PEM_read_PrivateKey returns NULL, but according to ERR_peek_error(), no error has occurred.

I am unable to trace into the PEM_read_PrivateKey() call using gdb.
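The check a practitioner would want at this point, added here as an example and not part of the thread: try the passphrase against the key file with the openssl command-line tool, which is linked against the same libcrypto as ssh-add, so that OpenSSH is taken out of the picture. If the CLI also fails to decrypt a key that is known good on another machine, the fault is in the OpenSSL build (which is where this thread ends up); if the CLI unlocks it and ssh-add does not, the fault is in OpenSSH. A wrong passphrase should fail with a "bad decrypt" entry in the libcrypto error queue, which is what the modified authfile.c above was trying to surface. The script below generates its own throwaway key as constructed test data, and assumes an openssl binary on PATH and, for the library check, ldd; the passphrase correct-horse and the ssh-add binary name are illustrative.

```shell
#!/bin/sh
# Added example: check a key file / passphrase pair with the openssl CLI,
# independently of ssh-add, and show the libcrypto error queue on failure.
set -eu

# Create a throwaway RSA key in directory $1, encrypted under passphrase $2.
# Constructed test data only; no real key material is involved.
make_test_key() {
    dir=$1
    passphrase=$2
    openssl genrsa -out "$dir/plain.pem" 2048 >/dev/null 2>&1
    # -aes256 writes an encrypted PEM. Depending on the OpenSSL version the
    # header is either traditional (Proc-Type: 4,ENCRYPTED / DEK-Info, as in
    # the id_dsa quoted in the thread) or PKCS#8 (BEGIN ENCRYPTED PRIVATE KEY).
    openssl rsa -in "$dir/plain.pem" -aes256 -passout "pass:$passphrase" \
        -out "$dir/enc.pem" >/dev/null 2>&1
    rm -f "$dir/plain.pem"
}

# Return 0 if passphrase $2 decrypts key file $1, non-zero otherwise.
# This is the same PEM_read_PrivateKey() path ssh-add uses, driven by the CLI.
passphrase_unlocks() {
    openssl pkey -in "$1" -passin "pass:$2" -noout >/dev/null 2>&1
}

# Print the libcrypto error queue for an unlock attempt (empty on success).
# A NULL return with an empty queue, as reported in the thread, is abnormal.
unlock_errors() {
    openssl pkey -in "$1" -passin "pass:$2" -noout 2>&1 >/dev/null || true
}

# Show which libcrypto a binary actually loads, so the CLI check is known to
# exercise the same library build as ssh-add. ldd is Linux-specific; the
# function prints nothing where ldd or the binary is unavailable.
linked_crypto() {
    if command -v ldd >/dev/null 2>&1 && command -v "$1" >/dev/null 2>&1; then
        ldd "$(command -v "$1")" 2>/dev/null | grep -i crypto || true
    fi
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

make_test_key "$workdir" correct-horse
if passphrase_unlocks "$workdir/enc.pem" correct-horse; then
    echo "correct passphrase: key decrypts"
fi
if ! passphrase_unlocks "$workdir/enc.pem" wrong; then
    echo "wrong passphrase: $(unlock_errors "$workdir/enc.pem" wrong | head -1)"
fi
linked_crypto ssh-add
```

Run it on the affected machine with the real key instead of the generated one (passphrase_unlocks /root/.ssh/id_dsa "$passphrase"); the point is that the CLI and ssh-add share libcrypto, so their results should agree, and a CLI that fails on a key known good elsewhere indicts the library build rather than OpenSSH.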
Phil Stracchino
2001-Sep-29 07:58 UTC
SOLVED: ssh2 key passphrase problems in 2.9.9 on Linux
On Fri, Sep 28, 2001 at 06:10:43PM -0700, Phil Stracchino wrote:
> On Sat, Sep 29, 2001 at 01:22:59AM +0100, Dr S N Henson wrote:
> > This is starting to look like a compiler bug.
>
> I've been suspecting that myself. The curious thing is that OpenSSH 2.9p2
> and OpenSSL 0.9.6a were working fine.

Compiler bug it is. I haven't yet managed to rebuild a gcc-2.95.3, but I installed an old egcs-1.1.2 (gcc-2.91.66) and recompiled OpenSSL and OpenSSH with that, and suddenly it all worked.

There was one minor quirk: 'ssh-agent > file' no longer produced any output to <file>. However, 'VAR=`ssh-agent`; echo $VAR > file' worked fine. Go figure.

I then recompiled OpenSSH-2.9.9 with gcc-3.0, and that worked fine, and the ssh-agent > file quirk vanished. Go figure.

So, be it officially known: gcc-3.0 will NOT correctly compile OpenSSL v0.9.6 on Linux, but compiles OpenSSH 2.9.9 without any problems against a known-good OpenSSL installation.