Flo Gleixner
2004-Apr-21 09:06 UTC
Solaris 8: RSA_padding_check_PKCS1_type_1:block type is not 01
Hi,
I have a returning problem with one of my sparc Solaris machines. I have a
Ultra2 with two 296MHz processors. All recent combinations of
openssh/openssl have a not permanent problem. If i try to connect to the
machine, i get sometimes these errors:
# ssh root at simba
RSA_public_decrypt failed: error:0407006A:rsa
routines:RSA_padding_check_PKCS1_type_1:block type is not 01
key_verify failed for server_host_key
# ssh root at simba
hash mismatch
key_verify failed for server_host_key
# ssh root at simba
hash mismatch
key_verify failed for server_host_key
And sometimes it works. At the moment i need about 10 tries to get in. If
i manage to get in, i can use the ssh connection for weeks without
problem.
a ssh -vvv puts out this:
...
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 122/256
debug2: bits set: 1049/2048
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /home/gleixner/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 76
debug3: check_host_in_hostfile: filename /home/gleixner/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 76
debug1: Host 'simba' is known and matches the RSA host key.
debug1: Found key in /home/gleixner/.ssh/known_hosts:76
debug2: bits set: 1010/2048
hash mismatch
debug1: ssh_rsa_verify: signature incorrect
key_verify failed for server_host_key
debug1: Calling cleanup 0x80627f0(0x0)
O.K. now the fun:
if i disable one processor (psradm -f 1) then i cannot reproduce the bug!
I tried sone other single/multiprocessor sparc-machines and i cannot
reproduce the bug there. I probably have to say, that only tried
sunfreeware.com packages. At the moment i use:
bash-2.03# pkginfo -l SMCossh
PKGINST: SMCossh
NAME: openssh
CATEGORY: application
ARCH: sparc
VERSION: 3.8p1
BASEDIR: /usr/local
VENDOR: The OpenSSH Group
PSTAMP: Steve Christensen
INSTDATE: Apr 21 2004 09:31
EMAIL: steve at smc.vnet.net
STATUS: completely installed
FILES: 52 installed pathnames
5 shared pathnames
11 directories
10 executables
1 setuid/setgid executables
3207 blocks used (approx)
bash-2.03# pkginfo -l SMCossld
PKGINST: SMCossld
NAME: openssl
CATEGORY: application
ARCH: sparc
VERSION: 0.9.7d
BASEDIR: /usr/local
VENDOR: The OpenSSL Group
PSTAMP: Steve Christensen
INSTDATE: Apr 21 2004 09:31
EMAIL: steve at smc.vnet.net
STATUS: completely installed
FILES: 1542 installed pathnames
41 directories
44 executables
19902 blocks used (approx)
Thanks for any help.
Flo
Darren Tucker
2004-Apr-21 10:09 UTC
Solaris 8: RSA_padding_check_PKCS1_type_1:block type is not 01
Flo Gleixner wrote:> I have a returning problem with one of my sparc Solaris machines. I have a > Ultra2 with two 296MHz processors. All recent combinations of > openssh/openssl have a not permanent problem. If i try to connect to the > machine, i get sometimes these errors:[snip]> if i disable one processor (psradm -f 1) then i cannot reproduce the bug! > I tried sone other single/multiprocessor sparc-machines and i cannot > reproduce the bug there. I probably have to say, that only tried > sunfreeware.com packages. At the moment i use:This is probably faulty hardware. We have seen problems with a 300MHz UltraSPARC-II's w/2MB cache. This includes the "hash mismatch" and "key_verify failed for server_host_key" errors (although they occurred infrequently), and it took way too long (many hours) to generate DSA host keys (this was consistent). OpenSSL's "make test" also failed. The faulty processor had these markings: date code = 0598 processor wk/yr = 44/97 processor rev 52 made in uk @ d2d See also: http://marc.theaimsgroup.com/?l=openbsd-sparc&m=103826497310917 -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.