Openssh-2.5.1p1 and Solaris 2.6 problem with ssh_rsa_verify

[Dennis Haag]

We recently upgraded from an older version of SSH to OpenSSH
2.5.1p1 (OpenSSH_2.5.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090600f)
and are having problems on just a few hosts in our environment. The 
other 200 systems are working fine. Every once in a blue-moon it will
connect with version 2.

When I try to connect to or from one of these hosts using SSH2 I
get the following error (I have sshd -d -d -d and ssh -2 -v -v -v 
output if that helps):

dhaag at cyberpup> ssh -2 waltst2
ssh_rsa_verify: RSA_verify failed: error:04077068:rsa
routines:RSA_verify:bad signature
key_verify failed for server_host_key

Here's what I have done so far:
-recompiled on the suspect box, no change.
-compiled 2.5.2p2 on suspect box with no change.
-don't see any network errors (netstat -i).
-egd seems to be working fine, I can read and write bits with
egc.pl.
-tried changing and disabling some of the protocols with no
change.
-regenerated the host keys more than once (note: this takes much
longer on this system than the working ones)

The system is a Sun Ultra-2 running Solaris 2.6 (uname -a: SunOS
cyberpup 5.6 Generic_105181-21 sun4u sparc SUNW,Ultra-2). But it 
works fine on other Ultra-2's with the same OS and patch level.

Configure params: --prefix=/local/solaris_2.6/openssh2.5.1p1
--with-tcp-wrappers --without-shadow
--with-xauth=/usr/openwin/bin/xauth
--with-ipv4-default --with-ssl-dir=/local/solaris_2.6/openssl0.9.6
--sysconfdir=/etc/ssh --with-egd-pool=/dev/random/entropy
--x-includes=/usr/openwin/include --x-libraries=/usr/openwin/lib

I am trying to schedule a reboot of the affected system to see if
that makes any difference. My gut still tells me that I have an entropy
problem, but I don't know a good test for that.

Any help appreciated.

-- 
Dennis Haag                            
haag at apple.com                         
408-974-6630