search for: rsa_public_decrypt

...st older > > OpenSSL versions due to the lack of GCM support. > > Please try this diff: > I applied the diff you supplied, along with the previous diff. The regression tests got further along, but now fail in integrity.sh: run test integrity.sh ... test integrity: hmac-sha1 @2300 RSA_public_decrypt failed: error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01. key_verify failed for server_host_key. unexpected error mac hmac-sha1 at 2300 test integrity: hmac-sha1 @2301 RSA_public_decrypt failed: error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is...

Does anyone knows if there is a patch for OpenSSH in order to make it work with 0.9.8r OpenSSL in FIPS Mode ? I'm having problem with the RSA_public_decrypt() function that is failing in FIPS Mode, I changed it to use RSA_verify instead and setting the flag "RSA_FLAG_NON_FIPS_ALLOW", and it's working fine now, but I'm not sure if this is allowed in FIPS Mode, does anyone knows something about that ? I read something about the use of E...

...en_key: priv key bits set: 125/256 debug1: bits set: 1046/2048 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host 'logserver' is known and matches the RSA host key. debug1: Found key in /export/backup/.ssh/known_hosts:1 debug1: bits set: 1059/2048 RSA_public_decrypt failed: error:8106A072:lib(129):func(106):reason(114) debug1: ssh_rsa_verify: signature incorrect key_verify failed for server_host_key debug1: Calling cleanup 0x348a4(0x0) -bash-3.00$ Best regards, Mike Please do not print this email unless it is absolutely necessary. The information containe...

code version referenced: openssh-5.9p1 Hi all, When building openssh with openssl (specifically versions newer than openssl 0.9.8q), there is an issue if FIPS mode is active for openssl. In ssh-rsa.c on line 243 RSA_public_decrypt is called, which is disallowed now in openssl (if in FIPS mode). The library requires appliactions to use the EVP API if running in FIPS mode so it can disallow certain cipher suites and hash algorithms that are not considered FIPS compliant. The user experience is that the scp/ssh client fails b...

I hope I don't get flamed the first time I post to a new list. I have spent a couple of hours poking around without seeing anything like this. The problem is, as soon as I load the Zaptel drivers (with a TDM-31B card), ssh into or out of the server is broken. Trying to ssh in, I get: RSA_public_decrypt failed: error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01 key_verify failed for server_host_key If I try to ssh out, I get: hash mismatch key_verify failed for server_host_key This makes administering the server remotely impossible, so it's a fairly large proble...

....7p1 Hardware: Other OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org Reporter: andres at anarazel.de Hi, The code injected in CVE-2024-3094 causes RSA_public_decrypt to be redirected to a payload. This is not reachable for normal pubkey authentication without 1) the key algorithm being of a permitted type 2) knowing at least the signature of a pubkey in authorized_keys etc However, certificates are verified before such checks: userauth_pubkey() -> sshkey_...

...t cisco.com Created attachment 2135 --> https://bugzilla.mindrot.org/attachment.cgi?id=2135 Suggested patch When building openssh with openssl library with FIPS (specifically versions newer than openssl 0.9.8q), there is an issue if FIPS mode is active for openssl. In ssh-rsa.c on line 243 RSA_public_decrypt is called, which is disallowed now in openssl (if in FIPS mode). The library requires applications to use the EVP API if running in FIPS mode so it can disallow certain cipher suites and hash algorithms that are not considered FIPS compliant. The user experience is that the scp/ssh client fails b...

...ccessfully connect from the client to the server with that config. However, on the client-side, if I add a ~/.ssh/id_rsa.pub public key file that doesn?t match the private key file ~/.ssh/id_rsa, it will fail with ?Permission denied (publickey).? Error on the server-side (sshd logs): error: RSA_public_decrypt failed: error:0407006A:lib(4):func(112):reason(106) # openssl errstr 0407006A error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01 It seems weird to me that a public key on the client side is taken into account, when it works well without. Linux distrib: CentO...

...wnloaded fron SunFreeware and I did not > changed any config file. > Both the machines are running Solaris 8. > > <test1> /usr/local/bin> ssh -2 -v -v -v test2 > ... > ... > debug1: Found key in /local_home/luca/.ssh/known_hosts:2 > debug1: bits set: 1594/3191 > RSA_public_decrypt failed: error:0407006A:rsa > routines:RSA_padding_check_PKCS1_type_1:block type is not 01 > debug1: ssh_rsa_verify: signature incorrect > key_verify failed for server_host_key > ... same problem here with Solaris 8 openssl 0.9.6i from Sunfreeware.com. I recompiled openssh-3.5p1 (and 3...

...IBCRYPTO_EVP_INL_TYPE unsigned int #else # define LIBCRYPTO_EVP_INL_TYPE size_t > I applied the diff you supplied, along with the previous diff. The > regression tests got further along, but now fail in integrity.sh: > > run test integrity.sh ... > test integrity: hmac-sha1 @2300 RSA_public_decrypt failed: error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01. key_verify failed for server_host_key. I expect this is the test that is choking rather than ssh/sshd, otherwise the regress tests wouldn't have made it that far without error (given the ones you see here)...

Hi, I have a returning problem with one of my sparc Solaris machines. I have a Ultra2 with two 296MHz processors. All recent combinations of openssh/openssl have a not permanent problem. If i try to connect to the machine, i get sometimes these errors: # ssh root at simba RSA_public_decrypt failed: error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01 key_verify failed for server_host_key # ssh root at simba hash mismatch key_verify failed for server_host_key # ssh root at simba hash mismatch key_verify failed for server_host_key And sometimes it works. At t...

...m to be able to auth a user using an rsa key of 20000 bit. 1. I generated an ssh rsa key like this: ssh-keygen -t rsa -b 20000 2. I placed the public key into another users authorized_keys file 3. I tried to ssh that user. What happens: 4. "Feb 4 23:35:50 ABOX sshd[17138]: error: RSA_public_decrypt failed: error:04067069:lib(4):func(103):reason(105)" What should happen: 4. Accepted publickey for .... ------ Use cases: 1. having an ssh key over 9000. "00:18 < Kenny> Yes, so will I, for security-measures based on DragonBall Z memes. ;)" -- Configure bugmail: https...

.... >> >> However, on the client-side, if I add a ~/.ssh/id_rsa.pub public key file >> that doesn?t match the private key file ~/.ssh/id_rsa, it will fail with >> ?Permission denied (publickey).? >> >> Error on the server-side (sshd logs): >> >> error: RSA_public_decrypt failed: >> error:0407006A:lib(4):func(112):reason(106) > > ssh uses the public key to avoid loading or decrypting the private > key for cases were it isn't necessary. We should improve the handling > of cases where they don't match. > But if it does not have the p...

...rsa.c:263: warning: pointer targets in passing argument 2 of ''RSA_public_encrypt'' differ in signedness ossl_pkey_rsa.c:263: warning: pointer targets in passing argument 3 of ''RSA_public_encrypt'' differ in signedness ossl_pkey_rsa.c: In function ''ossl_rsa_public_decrypt'': ossl_pkey_rsa.c:285: warning: pointer targets in passing argument 2 of ''RSA_public_decrypt'' differ in signedness ossl_pkey_rsa.c:285: warning: pointer targets in passing argument 3 of ''RSA_public_decrypt'' differ in signedness ossl_pkey_rsa.c: In fu...