Openssh-2.5.1p1 and Solaris 2.6 problem with ssh_rsa_verify

Dennis Haag dhaag at pico.apple.com
Thu Mar 29 04:28:44 EST 2001 

Dennis Haag wrote:
> 
> We recently upgraded from an older version of SSH to OpenSSH
> 2.5.1p1 (OpenSSH_2.5.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090600f)
> and are having problems on just a few hosts in our environment. The
> other 200 systems are working fine. Every once in a blue-moon it will
> connect with version 2.
> 
> When I try to connect to or from one of these hosts using SSH2 I
> get the following error (I have sshd -d -d -d and ssh -2 -v -v -v
> output if that helps):
> 
> dhaag at cyberpup> ssh -2 waltst2
> ssh_rsa_verify: RSA_verify failed: error:04077068:rsa
> routines:RSA_verify:bad signature
> key_verify failed for server_host_key
> 
> Here's what I have done so far:
> -recompiled on the suspect box, no change.
> -compiled 2.5.2p2 on suspect box with no change.
> -don't see any network errors (netstat -i).
> -egd seems to be working fine, I can read and write bits with
> egc.pl.
> -tried changing and disabling some of the protocols with no
> change.
> -regenerated the host keys more than once (note: this takes much
> longer on this system than the working ones)
> 
> The system is a Sun Ultra-2 running Solaris 2.6 (uname -a: SunOS
> cyberpup 5.6 Generic_105181-21 sun4u sparc SUNW,Ultra-2). But it
> works fine on other Ultra-2's with the same OS and patch level.
> 
> Configure params: --prefix=/local/solaris_2.6/openssh2.5.1p1
> --with-tcp-wrappers --without-shadow
> --with-xauth=/usr/openwin/bin/xauth
> --with-ipv4-default --with-ssl-dir=/local/solaris_2.6/openssl0.9.6
> --sysconfdir=/etc/ssh --with-egd-pool=/dev/random/entropy
> --x-includes=/usr/openwin/include --x-libraries=/usr/openwin/lib
> 
> I am trying to schedule a reboot of the affected system to see if
> that makes any difference. My gut still tells me that I have an entropy
> problem, but I don't know a good test for that.
> 
> Any help appreciated.
> 
> --
> Dennis Haag
> haag at apple.com
> 408-974-6630

I have installed prngd instead of egd on the system and it seems that I can
connect more frequently, but about 75% of the time I'm getting one of the
following two errors:

ssh_rsa_verify: RSA_verify failed: error:04077068:rsa
routines:RSA_verify:bad signature
key_verify failed for server_host_key

ssh_rsa_verify: RSA_verify failed: error:0407006A:rsa
routines:RSA_padding_check_PKCS1_type_1:block type is not 01
key_verify failed for server_host_key

Can any of you more experienced ssh folks clue me into at least what these
error messages mean?

I also started getting some errors connecting via SSH1:

dhaag at cyberpup> ssh -1 ming
rsa_private_decrypt() failed
Disconnecting: respond_to_rsa_challenge: rsa_private_decrypt failed

This is on Solaris 2.6 with OpenSSH 2.5.1p1 and 2.5.2p2

Thanks,

Dennis

More information about the openssh-unix-dev mailing list