ssh2 key passphrase problems in 2.9.9 on Linux
Phil Stracchino
alaric at babcom.com
Sat Sep 29 08:03:30 EST 2001
On Fri, Sep 28, 2001 at 11:00:25AM -0700, Phil Stracchino wrote:
> On Fri, Sep 28, 2001 at 06:21:26PM +0100, Dr S N Henson wrote:
> > Read the bit in the FAQ about adding an ERR_print_errors_fp() call then
> > see what it says is the cause.
I tried using ERR_print_errors_fp() in the appropriate location and it
reported nothing. I therefore took a slightly different tack. I changed
the error detection code in key_load_private_pem() in authfile.c from
this:
    pk = PEM_read_PrivateKey(fp, NULL, NULL, (char *)passphrase);
    if (pk == NULL) {
        debug("PEM_read_PrivateKey failed");
        (void)ERR_get_error();
    } else if (pk->type == EVP_PKEY_RSA && ....
to this:
    pk = PEM_read_PrivateKey(fp, NULL, NULL, (char *)passphrase);
    if (pk == NULL) {
        error("PEM_read_PrivateKey failed");
        while (ERR_peek_error())
            error("PEM error %ld: %s",
                ERR_peek_error(),
                ERR_error_string(ERR_get_error(), NULL));
    } else if (pk->type == EVP_PKEY_RSA && ....
Right up to the point at which that PEM_read_PrivateKey() call is
executed, everything appears to be working perfectly. At the moment of
making this call:
    filename is "/root/.ssh/id_dsa"
    passphrase contains the correct password
    fp is valid, and _IO_read_base points at the string:
        "-----BEGIN DSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n
        DEK-Info: DES-EDE3-CBC,<data....>"
The passphrase supplied is known to be correct, and successfully unlocks
this keyfile on a Solaris 8 machine which is running the same version of
both OpenSSH and OpenSSL. Nevertheless, PEM_read_PrivateKey returns NULL,
but according to ERR_peek_error(), no error has occurred. I am unable to
trace into the PEM_read_PrivateKey() call using gdb.
--
Linux Now! .........Because friends don't let friends use Microsoft.
phil stracchino :: alaric at babcom.com :: halmayne at sourceforge.net
unix ronin :::: renaissance man :::: mystic zen biker geek
2000 CBR929RR, 1991 VFR750F3 (foully murdered), 1986 VF500F (sold)
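
Added example (not part of the original message, and not OpenSSH or OpenSSL code): a small C check that reads what a traditional PEM private key header declares, using the same fields quoted in the message above (key type, Proc-Type, and the DEK-Info cipher and IV). The names pem_inspect, struct pem_info and sample_key are hypothetical, and the sample key text is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

struct pem_info {              /* what a traditional PEM key header declares */
    char type[32];             /* e.g. "DSA PRIVATE KEY" */
    char cipher[32];           /* DEK-Info cipher name; empty when unencrypted */
    int encrypted, iv_hex_len; /* Proc-Type says ENCRYPTED; hex digits in the IV */
};

/* Constructed sample: header fields as quoted in the post; IV and body made up. */
static const char sample_key[] = "-----BEGIN DSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\n"
    "AAAAAAAAAAAAAAAA\n-----END DSA PRIVATE KEY-----\n";

/* Returns 0 if the header parses, -1 if it is malformed. */
int pem_inspect(const char *buf, struct pem_info *out)
{
    const char *p, *end;
    memset(out, 0, sizeof(*out));
    if (strncmp(buf, "-----BEGIN ", 11) != 0)
        return -1;
    p = buf + 11;
    end = strstr(p, "-----\n");
    if (end == NULL || end == p || (size_t)(end - p) >= sizeof(out->type))
        return -1;
    memcpy(out->type, p, (size_t)(end - p));
    p = end + 6;                 /* first line after the BEGIN line */
    if (strncmp(p, "Proc-Type: 4,ENCRYPTED\n", 23) != 0)
        return 0;                /* unencrypted: no passphrase involved */
    out->encrypted = 1;
    if (strncmp(p + 23, "DEK-Info: ", 10) != 0)
        return -1;               /* encrypted, but no cipher declared */
    p += 33;                     /* skip the Proc-Type line and "DEK-Info: " */
    end = p + strcspn(p, ",\n");
    if (*end != ',' || end == p || (size_t)(end - p) >= sizeof(out->cipher))
        return -1;
    memcpy(out->cipher, p, (size_t)(end - p));
    for (p = end + 1; isxdigit((unsigned char)*p); p++)
        out->iv_hex_len++;
    return (out->iv_hex_len > 0 && out->iv_hex_len % 2 == 0) ? 0 : -1;
}

int main(void)
{
    struct pem_info i;
    int rc = pem_inspect(sample_key, &i);
    printf("rc=%d type=%s encrypted=%d cipher=%s iv_hex=%d\n", rc, i.type, i.encrypted, i.cipher, i.iv_hex_len);
    return rc != 0;
}
```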