Displaying 20 results from an estimated 90 matches similar to: "RSA_verify question on OpenSSH Client w/ OpenSSL0.9.6a"
2002 Jun 28
2
ssh_rsa_verify: RSA_verify failed: error:
Host based authentication does not seem to be working for us after
upgrading to openssh-3.4p1 (we were at openssh-3.1p1) (openssl is at
0.96d). Any time we try to connect from another unix box also running
openssh-3.4p1, we get the following error (on the server side) and host
based auth fails (it falls back to password prompt).
sshd[15038]: error: ssh_rsa_verify: RSA_verify failed:
2020 Jun 09
3
[PATCH v2 0/2] Add openssl engine keys with provider upgrade path
I've architected this in a way that looks future proof at least to the
openssl provider transition. What will happen in openssl 3.0.0 is
that providers become active and will accept keys via URI. The
current file mechanisms will still be available but internally it will
become a file URI. To support the provider interface, openssl will
have to accept keys by URI instead of file and may
2017 Oct 26
3
[RFC 0/2] add engine based keys
Engine keys are private key files which are only understood by openssl
external engines. ?The problem is they can't be loaded with the usual
openssl methods, they have to be loaded via ENGINE_load_private_key().
?Because they're files, they fit well into openssh pub/private file
structure, so they're not very appropriately handled by the pkcs11
interface because it assumes the private
2006 Nov 15
11
OpenSSH Certkey (PKI)
This patch against OpenBSD -current adds a simple form of PKI to
OpenSSH. We'll be using it at work. See README.certkey (the first chunk
of the patch) for details.
Everything below is BSD licensed, sponsored by Allamanda Networks AG.
Daniel
--- /dev/null Wed Nov 15 15:14:20 2006
+++ README.certkey Wed Nov 15 15:13:45 2006
@@ -0,0 +1,176 @@
+OpenSSH Certkey
+
+INTRODUCTION
+
+Certkey allows
2015 Mar 31
7
Wanted: smartcard with ECDSA support
Hi list,
I have no idea if Damien Miller had the time to work on that.
I have an initial patch to authenticate using PKCS#11 and ECDSA keys.
This requires OpenSSL 1.0.2, prior OpenSSL versions do not expose the
required interfaces to override the signature function pointer for ECDSA.
The only limitation is that the OpenSSL API misses some cleanup function
(finish, for instance), hence I have yet
2020 Jan 30
6
[PATCH 1/2] Add support for openssl engine based keys
Engine keys are keys whose file format is understood by a specific
engine rather than by openssl itself. Since these keys are file
based, the pkcs11 interface isn't appropriate for them because they
don't actually represent tokens. The current most useful engine for
openssh keys are the TPM engines, which allow all private keys to be
stored in a form only the TPM hardware can decode,
2001 Mar 26
2
Openssh-2.5.1p1 and Solaris 2.6 problem with ssh_rsa_verify
We recently upgraded from an older version of SSH to OpenSSH
2.5.1p1 (OpenSSH_2.5.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090600f)
and are having problems on just a few hosts in our environment. The
other 200 systems are working fine. Every once in a blue-moon it will
connect with version 2.
When I try to connect to or from one of these hosts using SSH2 I
get the following error (I have sshd -d
2002 Jul 20
0
opensc smartcard support does not work
Hi,
sorry, I'm not on the list, so please answer directly.
I use opensc-0.7.0 and pcsc-lite-1.1.1 under FreeBSD 4.6
with Gemplus 410 and 430 smartcard readers and Schlumberger
cryptoflex smartcards.
I used openssh-3.2.2p1 but the relevant file scard-opensc.c
is unchanged in 3.4.
RSA authentication to a remote host running opensshd
did not work with the smartcard.
Investigating the problem
2008 Apr 28
1
Bug#478334: logcheck doesn't know about dkim-filter
Package: logcheck-database
Version: 1.2.63
> Apr 28 17:02:39 naam dkim-filter[15536]: 570BA180CE: bad signature data
> Apr 28 17:03:20 naam dkim-filter[15536]: A08D2180CE: bad signature data
> Apr 28 17:16:40 naam dkim-filter[15536]: BA397180CE SSL error:04077068:rsa routines:RSA_verify:bad signature
> Apr 28 17:16:40 naam dkim-filter[15536]: BA397180CE: bad signature data
> Apr 28
2012 Apr 19
2
OpenSSL ASN.1 vulnerability: sshd not affected
Hi,
Tavis Ormandy found some bugs in OpenSSL's ASN.1 and buffer code that
can be exploited to cause a heap overflow:
http://lists.grok.org.uk/pipermail/full-disclosure/2012-April/086585.html
Fortunately OpenSSH's sshd is not vulnerable - it has avoided the use
of ASN.1 parsing since 2002 when Markus wrote a custom RSA verification
function (openssh_RSA_verify):
2010 May 04
1
Bug#580260: logcheck-database: dkim-filter needs tweak
Package: logcheck-database
Version: 1.3.8
11 hex digits, and "no"
diff -ur logcheck-1.3.8.orig/rulefiles/linux/ignore.d.server/dkim-filter logcheck-1.3.8/rulefiles/linux/ignore.d.server/dkim-filter
--- logcheck-1.3.8.orig/rulefiles/linux/ignore.d.server/dkim-filter 2008-05-22 04:20:58.000000000 -0400
+++ logcheck-1.3.8/rulefiles/linux/ignore.d.server/dkim-filter 2010-05-04
2011 Aug 18
1
RSA_public_decrypt and FIPS
Does anyone knows if there is a patch for OpenSSH in order to make it work
with 0.9.8r OpenSSL in FIPS Mode ?
I'm having problem with the RSA_public_decrypt() function that is failing in
FIPS Mode, I changed it to use RSA_verify instead and setting the flag
"RSA_FLAG_NON_FIPS_ALLOW", and it's working fine now, but I'm not sure if
this is allowed in FIPS Mode, does anyone
2013 Jun 25
1
RFC: encrypted hostkeys patch
Hi,
About a year and a half ago I brought up the topic of encrypted hostkeys
and posted a patch
(http://marc.info/?l=openssh-unix-dev&m=132774431906364&w=2), and while the
general reaction seemed receptive to the idea, a few problems were pointed
out with the implementation (UI issues, ssh-keysign breakage).
I've finally had some spare time in which to get back to this, and I've
2002 Apr 24
1
Fwd: need help in ssh client: key exchange
This is debugs seen on server, whose keys are
not accepted by the client:
debug1: Seeding random number generator
debug1: sshd version OpenSSH_2.5.2p2
debug1: load_private_key_autodetect: type 0 RSA1
debug1: read SSH2 private key done: name rsa w/o
comment success 1
debug1: load_private_key_autodetect: type 1 RSA
debug1: read SSH2 private key done: name dsa w/o
comment success 1
debug1:
2002 Jun 28
1
hostbased authentication problem in 3.4
I am seeing the same issues as another recent post, hostbased
authentication in 3.4p1 not seeming to work. I tried the ssh-keysign.c
patch posted, didn't seem to fix the problem.
Details:
Solaris 7, OpenSSH 3.4p1, OpenSSL 0.9.6d
Key from client ssh_host_rsa_key.pub copied to server /etc/ssh/ssh_known_hosts2
with comma-separated client hostnames added to front and a blank space before
rest of
2003 Oct 08
4
OS/390 openssh
Hello Steve, Hello OpenSSH-portable developers,
I am building OpenSSH for our (EBCDIC-based) BS2000 mainframe
operating system, and I noticed you do the same for OS/390.
Because my initial ssh port was based on IBM's OSS port (ssh-1.2.2
or some such), I thought it was fair enough to help with a little
co-operation; we might come up with a unified EBCDIC patch which could
be contributed to
2012 Jul 21
2
Upgrade Problem from 2.0.18 to 2.1.7
hi there,
i'm running a debian wheezy in a chroot at a fritzbox 7230, running with
freetz. Running well until the upgrade of version 2.1.7 from debian
repros comming up.
after upgrade, the server comes up, but login is not possible.
Jul 20 20:13:46 master: Warning: Killed with signal 15 (by pid=15309
uid=0 code=kill)
Jul 20 20:13:46 master: Info: Dovecot v2.1.7 starting up (core dumps
2004 May 17
4
Redhat 7.3 compiling problem
Firstly, amazing software, props to all the developers.
I'm trying to compile the latest asterisk cvs checkout and keep getting
an error which I can't solve, any help would be much appreciated -
make[1]: Leaving directory `/usr/src/asterisk/stdtime'
if [ -d CVS ] && ! [ -f .version ]; then echo CVS-HEAD-05/17/04-16:45:34
> .version; fi
for x in res channels pbx apps
2013 May 15
2
Support for "ssh-rsa-sha256" and "ssh-dss-sha256" ?
Functionality request for supporting Digital Signatures for RSA and DSS
Public Key Algorithms in alignment with NIST SP800-131A.
I
assume this has been asked before, but I could not find in the
archives. Support of "ssh-rsa-sha256" and "ssh-dss-sha256" public key
algorithms for OpenSSH? I know Suite B Algorithms and x509 SSH
Extension Algorithms are supported, but not a
2005 Aug 09
2
error compiling asterisk on solaris
hello,
can anyone help me? im gettitng this error when i tried runnin make on solaris 9
rm -f include/asterisk/version.h.tmp
make[1]: `ast_expr.a' is up to date.
make[1]: Leaving directory `/export/home/fst/chris/cvs/asterisk'
gcc -g -o asterisk io.o sched.o logger.o frame.o loader.o config.o channel.o t ranslate.o file.o say.o pbx.o cli.o