[Bug 3279] UpdateHostKeys triggers "client_global_hostkeys_private_confirm: server gave bad signature for RSA key 0" error message

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Jul 16 10:07:47 AEST 2021


--- Comment #22 from Damien Miller <djm at mindrot.org> ---
Created attachment 3537
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3537&action=edit
test "program"

This is what I used, I basically hacked it in to ssh-keygen.c. It's the
opposite of pretty :)

You'll also need to repack the dumped signature into base64 and paste
it in to the sshbuf_b64tod() call. I used something like:

$ python3
>>> h='484a9f2d24757...' # Line from RSA_public_decrypt: sig=...
>>> import base64
>>> b=base64.b16decode(h, True)
>>> base64.b64encode(b)

As to why ssh works while this particular operation is failing while
your ssh connection remains successful - it's probably because you're
not using RSA for the regular key exchange signature, but Ed25519:

debug1: kex: host key algorithm: ssh-ed25519

If you try something like:

for x in rsa-sha2-512 rsa-sha2-256 ssh-rsa ; do ssh
-oHostkeyAlgorithms=$x -oStrictHostkeyChecking=no
-oUserKnownHostsFile=/tmp/gitlab git at gitlab.com ; done

Then you can exercise RSA (across its variants) in the signature path

You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

More information about the openssh-bugs mailing list