Problem/bug report for "bad decrypted len" error in OpenSSH
Stefan Hadjistoytchev
sth at hq.bsbg.net
Fri Jun 13 16:04:01 EST 2003
Hi!
I think lines between 250-252 in file ssh-rsa.c in OpenSSH source code
should be commented ! ! !
REASON:
Using "SecureNetTerm Client" ( http://www.securenetterm.com/ ) with
"SecureKeyAgent" ver. 5.4.2.4 ( Or same is with Putty + SecureKeyAgent ) to
connect to OpenSSH server "OpenSSH ver. 3.6.1" using public key from Smart
Card certificate causes the following errors in "/var/log/auth/errors":
.............
sshd[1224] error: bad decrypted len: 36 != 20 + 15
sshd[1227] error: bad decrypted len: 36 != 20 + 15
.............
I sent a letter about this to SecureNetTerm and here is the answer:
> OpenSSH 3.6.1 is a little braindead when it comes to proper operation of
Certificates.
> All you have to do is edit the OpenSSL file ssh-rsa.c and comment out
lines 250-252.
> This is a redundant length check that is not technically correct. The
OpenSSH team is
> aware of the problem but don't care since they have no idea how to use
certificates.
Would You please comment on this or FIX this issue ?
Best regards
Stefan Hadjistoytchev
More information about the openssh-unix-dev
mailing list