Problem/bug report for "bad decrypted len" error in OpenSSH

Stefan Hadjistoytchev sth at hq.bsbg.net
Fri Jun 13 16:04:01 EST 2003


Hi!
I think lines 250-252 in the file ssh-rsa.c in the OpenSSH source code
should be commented out!!!

REASON:
Using "SecureNetTerm Client" (http://www.securenetterm.com/) with
"SecureKeyAgent" ver. 5.4.2.4 (or the same with Putty + SecureKeyAgent) to
connect to OpenSSH server "OpenSSH ver. 3.6.1" using a public key from a Smart
Card certificate causes the following errors in "/var/log/auth/errors":
    .............
    sshd[1224] error: bad decrypted len: 36 != 20 + 15
    sshd[1227] error: bad decrypted len: 36 != 20 + 15
    .............

I sent a letter about this to SecureNetTerm and here is the answer:

> OpenSSH 3.6.1 is a little braindead when it comes to proper operation of
> Certificates.
> All you have to do is edit the OpenSSL file ssh-rsa.c and comment out
> lines 250-252.
> This is a redundant length check that is not technically correct.  The
> OpenSSH team is
> aware of the problem but don't care since they have no idea how to use
> certificates.

Would you please comment on this or FIX this issue?

Best regards
    Stefan Hadjistoytchev
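
The numbers in the logged error correspond to a 20-byte SHA-1 digest and the 15-byte PKCS #1 v1.5 DigestInfo prefix for SHA-1; the check rejects any recovered block whose length is not exactly their sum. The sketch below is an added example, not code from ssh-rsa.c or from the original post: `check_digestinfo`, `demo` and the sample bytes are constructed for illustration, and the page does not show what the client's actual 36-byte block contained.

```c
#include <stdio.h>
#include <string.h>

#define SHA1_LEN 20

/* DER DigestInfo prefix for SHA-1 from PKCS #1 v1.5: the "15" in the log line. */
static const unsigned char sha1_prefix[15] = {
    0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
    0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
};

enum verify_result { VERIFY_OK = 0, BAD_LEN, BAD_PREFIX, BAD_HASH };

/* Hypothetical helper: validate the block left after the padding is stripped. */
enum verify_result
check_digestinfo(const unsigned char *dec, size_t len, const unsigned char *hash)
{
    unsigned char diff = 0;
    size_t i;

    if (len != sizeof(sha1_prefix) + SHA1_LEN)   /* e.g. 36 != 20 + 15 */
        return BAD_LEN;
    if (memcmp(dec, sha1_prefix, sizeof(sha1_prefix)) != 0)
        return BAD_PREFIX;
    for (i = 0; i < SHA1_LEN; i++)               /* compare without early exit */
        diff |= dec[sizeof(sha1_prefix) + i] ^ hash[i];
    return diff ? BAD_HASH : VERIFY_OK;
}

/* Constructed sample: prefix + digest + `extra` zero bytes, optionally corrupted. */
enum verify_result
demo(size_t extra, int bad_prefix, int bad_hash)
{
    unsigned char hash[SHA1_LEN], buf[64];

    memset(hash, 0xab, sizeof(hash));            /* stand-in digest value */
    memset(buf, 0, sizeof(buf));
    memcpy(buf, sha1_prefix, sizeof(sha1_prefix));
    memcpy(buf + sizeof(sha1_prefix), hash, SHA1_LEN);
    if (bad_prefix)
        buf[0] ^= 0x01;
    if (bad_hash)
        buf[sizeof(sha1_prefix)] ^= 0x01;
    return check_digestinfo(buf, sizeof(sha1_prefix) + SHA1_LEN + extra, hash);
}

int
main(void)
{
    printf("35 bytes: %d, 36 bytes: %d\n", demo(0, 0, 0), demo(1, 0, 0));
    return 0;
}
```

A block that carries the right prefix and digest but one extra byte is rejected on length alone, which is the condition the sshd log line reports.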





More information about the openssh-unix-dev mailing list