search for: ssh_rsa_sign

Functionality request for supporting Digital Signatures for RSA and DSS Public Key Algorithms in alignment with NIST SP800-131A. I assume this has been asked before, but I could not find in the archives. Support of "ssh-rsa-sha256" and "ssh-dss-sha256" public key algorithms for OpenSSH? I know Suite B Algorithms and x509 SSH Extension Algorithms are supported, but not a

...urning with: Security status not satisfied sec.c:53:sc_compute_signature: returning with: Security status not satisfied pkcs15-sec.c:285:sc_pkcs15_compute_signature: sc_compute_signature() failed: Security status not satisfied sc_pkcs15_compute_signature() failed: Security status not satisfied ssh_rsa_sign: RSA_sign failed: error:00000000:lib(0):func(0):reason(0) This is happen because openssh never prompt for the pin. If I use the openssh-agent and ssh-add everything works well. ssh-add -s 0 ssh localhost :) --> Have a lot of fun The question now: Does Smartcards only work, if I use the ssh-...

I wasn't having much luck getting a key and certificate stored on a hardware token to work until I made this fix. The ssh_rsa_sign key was not using either overloading. I used the rsa.meth way, instead of the engine. With this patch ssh-add works. I'm working on getting ssh to take a PIN, but when I put in a call to read_passphrase in the appropriate place, it muddies the waters for stdin, I think. I get errors in...

...nd hmac-md5 debug1: kex: client->server 3des-cbc hmac-md5 none debug2: mac_init: found hmac-md5 debug1: kex: server->client 3des-cbc hmac-md5 none debug1: dh_gen_key: priv key bits set: 179/384 debug1: bits set: 518/1024 debug1: expecting SSH2_MSG_KEXDH_INIT debug1: bits set: 493/1024 debug2: ssh_rsa_sign: done debug1: kex_derive_keys debug1: newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: waiting for SSH2_MSG_NEWKEYS debug1: newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: KEX done debug1: userauth-request for user rplb service ssh-connection method none debug1: attempt 0 failures 0...

...5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received WARNING: /etc/ssh/primes does not exist, using old prime debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent debug1: dh_gen_key: priv key bits set: 128/256 debug1: bits set: 538/1024 debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT debug1: bits set: 521/1024 debug2: ssh_rsa_sign: done debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent debug1: kex_derive_keys debug1: newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: waiting for SSH2_MSG_NEWKEYS debug1: newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: KEX done debug3: Trying to reverse map address cl.ie.nt.ip. debug1: usera...

...md5 debug1: kex: server->client blowfish-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent debug1: dh_gen_key: priv key bits set: 123/256 debug1: bits set: 1067/2049 debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT debug1: bits set: 1018/2049 debug2: ssh_rsa_sign: done debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent debug1: kex_derive_keys debug1: newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: waiting for SSH2_MSG_NEWKEYS debug1: newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: KEX done debug1: userauth-request for user fdsmith service ssh-connection...

...des-cbc hmac-sha1 none debug2: mac_init: found hmac-sha1 debug1: kex: server->client 3des-cbc hmac-sha1 none debug1: Wait SSH2_MSG_KEX_DH_GEX_REQUEST. debug1: Sending SSH2_MSG_KEX_DH_GEX_GROUP. debug1: bits set: 1009/2049 debug1: Wait SSH2_MSG_KEX_DH_GEX_INIT. debug1: bits set: 1013/2049 debug2: ssh_rsa_sign: done debug1: send SSH2_MSG_NEWKEYS. debug1: done: send SSH2_MSG_NEWKEYS. debug1: Wait SSH2_MSG_NEWKEYS. debug1: GOT SSH2_MSG_NEWKEYS. debug1: done: KEX2. debug1: userauth-request for user myaccount service ssh-connection method none debug1: attempt 0 failures 0 debug2: input_userauth_request: sett...

..._userauth_pk_ok: fp 0f:95:05:08:b7:47:eb:dd:37:ae:71:c1:5a:24:4b:20 debug3: sign_and_send_pubkey debug1: PEM_read_PrivateKey failed debug1: read PEM private key done: type <unknown> Enter passphrase for key '/users/clad/.ssh/id_rsa': debug1: read PEM private key done: type RSA debug2: ssh_rsa_sign: done debug1: ssh-userauth2 successful: method publickey debug3: clear hostkey 0 debug3: clear hostkey 1 debug3: clear hostkey 2 debug1: channel 0: new [client-session] debug1: channel_new: 0 debug1: send channel open 0 Memory fault Output from /usr/local/sbin/sshd -ddd -D on server side (HP K460,...

...c-md5 debug1: kex: server->client aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent debug1: dh_gen_key: priv key bits set: 128/256 debug1: bits set: 1013/2049 debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT debug1: bits set: 1035/2049 debug2: ssh_rsa_sign: done debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent debug1: kex_derive_keys debug1: newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: waiting for SSH2_MSG_NEWKEYS debug1: newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: KEX done cce2 ef49 0301 2989 12ca ba7f ccf1 72e8 Disconnecting: Bad pack...

...mac-md5 debug1: kex: server->client aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent debug1: dh_gen_key: priv key bits set: 118/256 debug1: bits set: 997/2049 debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT debug1: bits set: 991/2049 debug2: ssh_rsa_sign: done debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent debug1: kex_derive_keys debug1: newkeys: mode 1 debug1: SSH2_MSG_NEWKEYS sent debug1: waiting for SSH2_MSG_NEWKEYS debug1: newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: KEX done debug1: userauth-request for user phil service ssh-connection me...

...usr/local/lib/libmusclepkcs11.so debug1: Authentications that can continue: publickey,keyboard-interactive debug1: Offering public key: /usr/local/lib/libmusclepkcs11.so debug1: Server accepts key: pkalg ssh-rsa blen 151 Enter PIN for 'MuscleCard Applet': C_FindObjects failed (0 nfound): 0 ssh_rsa_sign: RSA_sign failed: error:00000000:lib(0):func(0):reason(0) debug1: Trying private key: /home/dbenoy/.ssh/id_rsa debug1: Trying private key: /home/dbenoy/.ssh/id_dsa debug1: Next authentication method: keyboard-interactive Password: ---------- This PKCS#11 module works fine with Evolution, Firefox,...

...userauth_pk_ok: fp fc:0c:ec:64:78:de:f2:ec:98:c6:89:7e:74:e3:83: debug3: sign_and_send_pubkey debug1: PEM_read_PrivateKey failed debug1: read PEM private key done: type <unknown> Enter passphrase for key '/home/jrippas/.ssh/id_rsa': debug1: read PEM private key done: type RSA debug2: ssh_rsa_sign: done debug1: ssh-userauth2 successful: method publickey debug3: clear hostkey 0 debug3: clear hostkey 1 debug3: clear hostkey 2 debug1: channel 0: new [client-session] debug1: channel_new: 0 debug1: send channel open 0 debug1: Entering interactive session. debug2: callback start debug1: client_ini...

...e_accept w/o service debug1: got SSH2_MSG_SERVICE_ACCEPT debug1: authentications that can continue: publickey,password debug1: next auth method to try is publickey debug1: try privkey: /home/user1/.ssh/identity debug1: try privkey: /home/user1/.ssh/id_rsa debug1: read PEM private key done: type RSA ssh_rsa_sign: SSH_BUG_SIGBLOB not supported resulting in a failure to use the private key and dropped into password authentication INSTANCE 3) generated DSA public/private key pair using F-SECURE ssh-keygen v 2.0.12 converted the SECSH keys to OpenSSH format using OpenSSH ssh-keygen as follows "ssh-k...

...f -u -r1.26 key.h --- key.h 3 Aug 2006 03:34:42 -0000 1.26 +++ key.h 15 Nov 2006 14:14:33 -0000 @@ -53,6 +53,7 @@ int flags; RSA *rsa; DSA *dsa; + u_char *cert; }; Key *key_new(int); @@ -83,5 +84,7 @@ int ssh_dss_verify(const Key *, const u_char *, u_int, const u_char *, u_int); int ssh_rsa_sign(const Key *, u_char **, u_int *, const u_char *, u_int); int ssh_rsa_verify(const Key *, const u_char *, u_int, const u_char *, u_int); + +int cert_verify(const u_char *cert, const Key *, const Key *, const u_char *); #endif Index: monitor.c ===================================================...