[Bug 3279] UpdateHostKeys triggers "client_global_hostkeys_private_confirm: server gave bad signature for RSA key 0" error message

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Thu Jul 15 10:06:14 AEST 2021


https://bugzilla.mindrot.org/show_bug.cgi?id=3279

--- Comment #18 from Damien Miller <djm at mindrot.org> ---
The debugging contains a signature from the server, being (hex
encoded):

I retrieved gitlab.com's rsa key. It's:

ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9

With these, I hacked up a small program to load the key and run the 
libcrypto RSA_public_decrypt() operation that fails in your case.

It worked for me and yielded a decrypted signature:

decrypted: len=35
0000: 30 21 30 09 06 05 2b 0e 03 02 1a 05 00 04 14 59  0!0...+........Y
0016: 90 c1 b8 16 fd f3 aa a4 d8 a6 3f 94 e0 21 03 c5  ..........?..!..
0032: e4 c2 c7   

This is a structurally valid PKCS#1 1.5 rsa-sha1 padded hash.

So I think that something is wrong inside your libcrypto/OpenSSL.

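The structural check described in the comment above, as an added example (not part of the original message, and not OpenSSH or OpenSSL code): it tests whether the bytes left after PKCS#1 v1.5 padding removal are exactly a known DigestInfo prefix followed by a digest of the matching length. The prefixes are the ones listed in RFC 8017; the function and array names are made up for this example, and the SHA-256 and SHA-512 entries go beyond the rsa-sha1 case on the page.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* DER DigestInfo prefixes (RFC 8017, section 9.2): prefix length, hash length. */
struct di_prefix { const char *name; size_t plen, hlen; unsigned char p[19]; };
static const struct di_prefix prefixes[] = {
    { "sha1",   15, 20, {0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,
                         0x1a,0x05,0x00,0x04,0x14} },
    { "sha256", 19, 32, {0x30,0x31,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,
                         0x65,0x03,0x04,0x02,0x01,0x05,0x00,0x04,0x20} },
    { "sha512", 19, 64, {0x30,0x51,0x30,0x0d,0x06,0x09,0x60,0x86,0x48,0x01,
                         0x65,0x03,0x04,0x02,0x03,0x05,0x00,0x04,0x40} },
};

/* The 35 bytes shown in the "decrypted: len=35" hexdump in the comment. */
static const unsigned char page_decrypted[35] = {
    0x30,0x21,0x30,0x09,0x06,0x05,0x2b,0x0e,0x03,0x02,0x1a,0x05,0x00,0x04,0x14,
    0x59,0x90,0xc1,0xb8,0x16,0xfd,0xf3,0xaa,0xa4,0xd8,0xa6,0x3f,0x94,0xe0,0x21,
    0x03,0xc5,0xe4,0xc2,0xc7
};

/* Return the hash name if buf is exactly prefix || digest for a known hash,
 * else NULL. On success *digest points at the hash bytes inside buf. */
const char *digestinfo_classify(const unsigned char *buf, size_t len,
    const unsigned char **digest, size_t *dlen)
{
    size_t i;
    for (i = 0; i < sizeof(prefixes) / sizeof(prefixes[0]); i++) {
        const struct di_prefix *d = &prefixes[i];
        if (len != d->plen + d->hlen)   /* reject short or trailing data */
            continue;
        if (memcmp(buf, d->p, d->plen) != 0)
            continue;
        *digest = buf + d->plen;
        *dlen = d->hlen;
        return d->name;
    }
    return NULL;
}

int main(void)
{
    const unsigned char *h = NULL; size_t n = 0, i;
    const char *alg = digestinfo_classify(page_decrypted, 35, &h, &n);
    printf("alg=%s digest=", alg ? alg : "invalid");
    for (i = 0; alg && i < n; i++) printf("%02x", h[i]);
    printf("\n");
    return alg ? 0 : 1;
}
```

A buffer that fails this check after a successful RSA operation points at the padding or encoding step rather than at the key.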