Openssh-2.5.1p1 and Solaris 2.6 problem with ssh_rsa_verify

Rachit Siamwalla rachit at ensim.com
Fri Mar 30 10:14:44 EST 2001 

I have got this problem as well, logging in from a 2.3.0p1 (mid jan
snapshot version) Linux client to a 2.5.2p2 Solaris server. However, the
error consistently is 

ssh_rsa_verify: RSA_verify failed: error:04077067:rsa. (instead of
04077068)

When upgrading the Linux client to 2.5.2p2 client, everything worked.

-rchit

Dennis Haag wrote:
> 
> Dennis Haag wrote:
> >
> > We recently upgraded from an older version of SSH to OpenSSH
> > 2.5.1p1 (OpenSSH_2.5.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090600f)
> > and are having problems on just a few hosts in our environment. The
> > other 200 systems are working fine. Every once in a blue-moon it will
> > connect with version 2.
> >
> > When I try to connect to or from one of these hosts using SSH2 I
> > get the following error (I have sshd -d -d -d and ssh -2 -v -v -v
> > output if that helps):
> >
> > dhaag at cyberpup> ssh -2 waltst2
> > ssh_rsa_verify: RSA_verify failed: error:04077068:rsa
> > routines:RSA_verify:bad signature
> > key_verify failed for server_host_key
> >
> > Here's what I have done so far:
> > -recompiled on the suspect box, no change.
> > -compiled 2.5.2p2 on suspect box with no change.
> > -don't see any network errors (netstat -i).
> > -egd seems to be working fine, I can read and write bits with
> > egc.pl.
> > -tried changing and disabling some of the protocols with no
> > change.
> > -regenerated the host keys more than once (note: this takes much
> > longer on this system than the working ones)
> >
> > The system is a Sun Ultra-2 running Solaris 2.6 (uname -a: SunOS
> > cyberpup 5.6 Generic_105181-21 sun4u sparc SUNW,Ultra-2). But it
> > works fine on other Ultra-2's with the same OS and patch level.
> >
> > Configure params: --prefix=/local/solaris_2.6/openssh2.5.1p1
> > --with-tcp-wrappers --without-shadow
> > --with-xauth=/usr/openwin/bin/xauth
> > --with-ipv4-default --with-ssl-dir=/local/solaris_2.6/openssl0.9.6
> > --sysconfdir=/etc/ssh --with-egd-pool=/dev/random/entropy
> > --x-includes=/usr/openwin/include --x-libraries=/usr/openwin/lib
> >
> > I am trying to schedule a reboot of the affected system to see if
> > that makes any difference. My gut still tells me that I have an entropy
> > problem, but I don't know a good test for that.
> >
> > Any help appreciated.
> >
> > --
> > Dennis Haag
> > haag at apple.com
> > 408-974-6630
> 
> I have installed prngd instead of egd on the system and it seems that I can
> connect more frequently, but about 75% of the time I'm getting one of the
> following two errors:
> 
> ssh_rsa_verify: RSA_verify failed: error:04077068:rsa
> routines:RSA_verify:bad signature
> key_verify failed for server_host_key
> 
> ssh_rsa_verify: RSA_verify failed: error:0407006A:rsa
> routines:RSA_padding_check_PKCS1_type_1:block type is not 01
> key_verify failed for server_host_key
> 
> Can any of you more experienced ssh folks clue me into at least what these
> error messages mean?
> 
> I also started getting some errors connecting via SSH1:
> 
> dhaag at cyberpup> ssh -1 ming
> rsa_private_decrypt() failed
> Disconnecting: respond_to_rsa_challenge: rsa_private_decrypt failed
> 
> This is on Solaris 2.6 with OpenSSH 2.5.1p1 and 2.5.2p2
> 
> Thanks,
> 
> Dennis

More information about the openssh-unix-dev mailing list