Flo Gleixner
2004-Apr-21 09:06 UTC
Solaris 8: RSA_padding_check_PKCS1_type_1:block type is not 01
Hi, I have a returning problem with one of my sparc Solaris machines. I have a Ultra2 with two 296MHz processors. All recent combinations of openssh/openssl have a not permanent problem. If i try to connect to the machine, i get sometimes these errors: # ssh root at simba RSA_public_decrypt failed: error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01 key_verify failed for server_host_key # ssh root at simba hash mismatch key_verify failed for server_host_key # ssh root at simba hash mismatch key_verify failed for server_host_key And sometimes it works. At the moment i need about 10 tries to get in. If i manage to get in, i can use the ssh connection for weeks without problem. a ssh -vvv puts out this: ... debug2: kex_parse_kexinit: debug2: kex_parse_kexinit: first_kex_follows 0 debug2: kex_parse_kexinit: reserved 0 debug2: mac_init: found hmac-md5 debug1: kex: server->client aes128-cbc hmac-md5 none debug2: mac_init: found hmac-md5 debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug2: dh_gen_key: priv key bits set: 122/256 debug2: bits set: 1049/2048 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug3: check_host_in_hostfile: filename /home/gleixner/.ssh/known_hosts debug3: check_host_in_hostfile: match line 76 debug3: check_host_in_hostfile: filename /home/gleixner/.ssh/known_hosts debug3: check_host_in_hostfile: match line 76 debug1: Host 'simba' is known and matches the RSA host key. debug1: Found key in /home/gleixner/.ssh/known_hosts:76 debug2: bits set: 1010/2048 hash mismatch debug1: ssh_rsa_verify: signature incorrect key_verify failed for server_host_key debug1: Calling cleanup 0x80627f0(0x0) O.K. now the fun: if i disable one processor (psradm -f 1) then i cannot reproduce the bug! I tried sone other single/multiprocessor sparc-machines and i cannot reproduce the bug there. I probably have to say, that only tried sunfreeware.com packages. At the moment i use: bash-2.03# pkginfo -l SMCossh PKGINST: SMCossh NAME: openssh CATEGORY: application ARCH: sparc VERSION: 3.8p1 BASEDIR: /usr/local VENDOR: The OpenSSH Group PSTAMP: Steve Christensen INSTDATE: Apr 21 2004 09:31 EMAIL: steve at smc.vnet.net STATUS: completely installed FILES: 52 installed pathnames 5 shared pathnames 11 directories 10 executables 1 setuid/setgid executables 3207 blocks used (approx) bash-2.03# pkginfo -l SMCossld PKGINST: SMCossld NAME: openssl CATEGORY: application ARCH: sparc VERSION: 0.9.7d BASEDIR: /usr/local VENDOR: The OpenSSL Group PSTAMP: Steve Christensen INSTDATE: Apr 21 2004 09:31 EMAIL: steve at smc.vnet.net STATUS: completely installed FILES: 1542 installed pathnames 41 directories 44 executables 19902 blocks used (approx) Thanks for any help. Flo
Darren Tucker
2004-Apr-21 10:09 UTC
Solaris 8: RSA_padding_check_PKCS1_type_1:block type is not 01
Flo Gleixner wrote:> I have a returning problem with one of my sparc Solaris machines. I have a > Ultra2 with two 296MHz processors. All recent combinations of > openssh/openssl have a not permanent problem. If i try to connect to the > machine, i get sometimes these errors:[snip]> if i disable one processor (psradm -f 1) then i cannot reproduce the bug! > I tried sone other single/multiprocessor sparc-machines and i cannot > reproduce the bug there. I probably have to say, that only tried > sunfreeware.com packages. At the moment i use:This is probably faulty hardware. We have seen problems with a 300MHz UltraSPARC-II's w/2MB cache. This includes the "hash mismatch" and "key_verify failed for server_host_key" errors (although they occurred infrequently), and it took way too long (many hours) to generate DSA host keys (this was consistent). OpenSSL's "make test" also failed. The faulty processor had these markings: date code = 0598 processor wk/yr = 44/97 processor rev 52 made in uk @ d2d See also: http://marc.theaimsgroup.com/?l=openbsd-sparc&m=103826497310917 -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.