similar to: openssh 3.5p1 problem with openssl 0.9.6i

Oops, I meant to CC the list on this. -- Iain ----- Forwarded message from Iain Morgan <Iain.Morgan at nasa.gov> ----- Date: Thu, 17 Jan 2013 14:51:01 -0800 From: Iain Morgan <Iain.Morgan at nasa.gov> To: Damien Miller <djm at mindrot.org> Subject: Re: Inconsisten declaration of ssh_aes_ctr_iv() On Wed, Jan 16, 2013 at 21:26:39 -0600, Damien Miller wrote: > On Mon, 14 Jan

Hi, I have a returning problem with one of my sparc Solaris machines. I have a Ultra2 with two 296MHz processors. All recent combinations of openssh/openssl have a not permanent problem. If i try to connect to the machine, i get sometimes these errors: # ssh root at simba RSA_public_decrypt failed: error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01 key_verify failed

I hope I don't get flamed the first time I post to a new list. I have spent a couple of hours poking around without seeing anything like this. The problem is, as soon as I load the Zaptel drivers (with a TDM-31B card), ssh into or out of the server is broken. Trying to ssh in, I get: RSA_public_decrypt failed: error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01

---------- Forwarded message ---------- Date: Fri, 18 Jan 2013 10:19:35 +1100 (EST) From: Damien Miller <djm at mindrot.org> To: Iain Morgan <Iain.Morgan at nasa.gov> Subject: Re: Inconsisten declaration of ssh_aes_ctr_iv() On Thu, 17 Jan 2013, Iain Morgan wrote: > > Could you tell me the declaration of the function pointer do_cipher in > > OpenSSL's evp.h on your

Dear Group, I'm having a problem connecting Solaris 10 Server to a Redhat Enterprise Linux 5.4 and meanwhile pretty clueless on that issue. Hopefully I get at least a hint, from your group, where to look at. key-length is 2048, permissions are correct on .ssh-directory and the files itself, keygen is done manually. On the Linuxserver we're using openssh-4.3p2-36.el5, on Solaris the

Hello, I have a client machine and a server machine. I generated a pair of private-public rsa keys using ssh-keygen. On the client-machine, I uploaded my private key onto ~/.ssh/id_rsa On the server machine, I appended the content of the public key to .ssh/authorized_keys I can successfully connect from the client to the server with that config. However, on the client-side, if I add a

We recently upgraded from an older version of SSH to OpenSSH 2.5.1p1 (OpenSSH_2.5.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090600f) and are having problems on just a few hosts in our environment. The other 200 systems are working fine. Every once in a blue-moon it will connect with version 2. When I try to connect to or from one of these hosts using SSH2 I get the following error (I have sshd -d

Hi, i've installed Samba 3.0.23d on Solaris 10 (SPARC) with MIT Kerberos 1.5.1, openLDAP 2.3.30 and openSSL 0.9.8d. I have 2 Windows Server 2003 SP1 Domain Controller and about 20 Windows XP SP2 clients. My problem is that i can't get a kerberos ticket to join the domain. If i try to get a ticket with 'kinit Administrator@PONTOS.LOCAL' i get always the error kinit(v5): KDC

Hello, I have a problem with ssh client. I have: SSH-2.0-OpenSSH_2.3.1p1 When I try to connect to a sshd server (USING V2): Remote protocol version 1.99, remote software version OpenSSH_2.5.2p2 or Remote protocol version 2.0, remote software version OpenSSH_3.0.1p1 I get error (looking at codebase): In sshconnect2.c: ssh_dhgex_client(kex, host, hostaddr, client_kexinit,

(I'm sorry - the securityfocus mailing list is dead and there are no other SSH resources on the net) Hello, Client is (some netware installation) running: Local version string SSH-2.0-OpenSSH_3.7.1p2 Server is plain old FreeBSD 6.2-RELEASE running: OpenSSH_4.5p1 FreeBSD-20061110, OpenSSL 0.9.7e-p1 When I attempt to connect from client (netware) to server (freebsd) I see: ssh

Hello everyone, I've been asked by a colleague to have a look at some extremely weird dovecot SSL issue they are seeing on one of the student mailservers. They are running dovecot 1.1.6 (yes, I know, a bit old ...) on SLES 10.2 x86_64 with imap(+starttls), imaps, pop3(+starttls) and pop3s enabled. Every couple of weeks the pop3s and pop3+starttls part bail out out. Clients can't connect,

Hi, I am using OpenSSH 2.5.2p2 on Solaris 2.7 (Ultra 10) with 64bit support and have the following problem when connecting with the ssh2 protocol to non-solaris OS: On the client side, I do: /local/work/lysis/bin/slogin -v -2 -p 2222 rs30 On the server side (AIX 4.3), the sshd runs as follows: aix/sbin/sshd -p 2222 -d Full output follows at the end of this mail. The server is compiled with

Hello all, Earlier this week we disabled protocol 1 upon our machines while installing commercial ssh 3.2.0. Suddenly I discovered that the AIX systems running Openssh were not able to connect. I upgraded to the newly minted 3.4p1 and discovered the same problem. My limited poking around has shown the following: <16:59:38>atb at ursus:>ssh -vv atb at host <snip> debug1: bits

On Fri, Apr 22, 2016 at 3:41 AM, Damien Miller <djm at mindrot.org> wrote: > On Tue, 19 Apr 2016, Elouan Keryell-Even wrote: > >> Hello, >> >> I have a client machine and a server machine. I generated a pair of >> private-public rsa keys using ssh-keygen. >> >> On the client-machine, I uploaded my private key onto ~/.ssh/id_rsa >> >> On

code version referenced: openssh-5.9p1 Hi all, When building openssh with openssl (specifically versions newer than openssl 0.9.8q), there is an issue if FIPS mode is active for openssl. In ssh-rsa.c on line 243 RSA_public_decrypt is called, which is disallowed now in openssl (if in FIPS mode). The library requires appliactions to use the EVP API if running in FIPS mode so it can disallow

https://bugzilla.mindrot.org/show_bug.cgi?id=3675 Bug ID: 3675 Summary: CASignatureAlgorithms should be verified before verifying signatures Product: Portable OpenSSH Version: 9.7p1 Hardware: Other OS: All Status: NEW Severity: enhancement Priority: P5 Component:

Does anyone knows if there is a patch for OpenSSH in order to make it work with 0.9.8r OpenSSL in FIPS Mode ? I'm having problem with the RSA_public_decrypt() function that is failing in FIPS Mode, I changed it to use RSA_verify instead and setting the flag "RSA_FLAG_NON_FIPS_ALLOW", and it's working fine now, but I'm not sure if this is allowed in FIPS Mode, does anyone

https://bugzilla.mindrot.org/show_bug.cgi?id=1987 Bug #: 1987 Summary: FIPS signature verification incompatibility with openssl versions > 0.9.8q Classification: Unclassified Product: Portable OpenSSH Version: 5.9p1 Platform: All OS/Version: All Status: NEW Severity: normal

Hi, is there any chance to make SSH_RSA_MINIMUM_MODULUS_SIZE configurable? I keep receiving these messages: ssh_rsa_verify: RSA modulus too small: 512 < minimum 768 bits key_verify failed for server_host_key And it's quite a hassle to recompile each time I need to use it (there are still devices where you can't fix it easily). Thanks Michal

Hi, already asked in the openssl mailing list, but just in case you already went through this... I need a little help with Certificate Revocation Lists. I did setup client certificates filtering with apache and it seem to work fine so far (used a tutorial on http://www.adone.info/?p=4, down right now). I have a "CA" that is signing a "CA SSL". Then, the "CA SSL" is