[Bug 3279] UpdateHostKeys triggers "client_global_hostkeys_private_confirm: server gave bad signature for RSA key 0" error message

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri May 14 13:35:42 AEST 2021


https://bugzilla.mindrot.org/show_bug.cgi?id=3279

--- Comment #11 from Damien Miller <djm at mindrot.org> ---
> client_global_hostkeys_private_confirm: server gave bad signature for RSA key 0: error in libcrypto

hmm, this is not what I expected. This particular error can only occur
during RSA verification here:
https://github.com/openssh/openssh-portable/blob/e86968280e358e62649d268d41f698d64d0dc9fa/ssh-rsa.c#L429
and indicates an RSA decryption failure in OpenSSL libcrypto.

Moreover I can't reproduce the same problem with OpenSSH 7.9 sshd
locally - the hostkey update signature function fine for RSA keys.

This makes me suspect that either gitlab.com is returning an incorrect
signature, or OpenSSL libcrypto is failing to verify a good one on your
platform.

I don't know much about how the ssh client in git-for-windows works. Is
it built from Cygwin, Microsoft's OpenSSH port or something else?

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list