2.5.2 cannot handle 2048bit DSA keys?
Edmund Lam
epl at myriad.its.unimelb.edu.au
Thu Apr 5 16:46:08 EST 2001
Hi,
I believe I may have found a bug with OpenSSH 2.5.2p2. My guess would
be that it exists with 2.5.x, though my only experience so far has been
ONLY with Red Hat's RPMS openssh-2.5.2p2-1.7.i386.rpm and
openssh-2.5.2p2-1.7.2.i386.rpm.
It seems that ssh-keygen can generate a large DSA identity key
easily (ssh-keygen -t dsa -b 2048), but that ssh itself cannot handle
such a large key and fails. In particular, an error message is from
key.c:421 of the source (openssh-2.5.2p2.tar.gz). On the screen, it
displays:
===
key_read: uudecode AAAAB3NzaC1kc3...
...
===
but interestingly, does NOT print the final "failed".
Since DSA identity keys are only used with protocol 2, that is what
I've tested so far. I have NOT tested OpenSSH with large RSA1 or RSA
keys. Furthermore, this bug may also occur with host keys, but again I
have not tested. Lastly, I agree that there is a limited amount of extra
security afforded by a 2048-bit key, but that isn't the point here.
Note that I am NOT subscribed to this list. Therefore, I'd like to
have replies and any eventual resolution CC'ed to me please.
Thanks
Eddie <epl at unimelb.edu.au>