Problem/bug report for "bad decrypted len" error in OpenSSH
Markus Friedl
markus at openbsd.org
Fri Jun 13 17:54:17 EST 2003
no, we have no idea how to use certificates.
i don't see a bugzilla bug for this, so how can we be aware?
On Fri, Jun 13, 2003 at 09:04:01AM +0300, Stefan Hadjistoytchev wrote:
> Hi!
> I think lines between 250-252 in file ssh-rsa.c in OpenSSH source code
> should be commented ! ! !
>
> REASON:
> Using "SecureNetTerm Client" ( http://www.securenetterm.com/ ) with
> "SecureKeyAgent" ver. 5.4.2.4 ( Or same is with Putty + SecureKeyAgent ) to
> connect to OpenSSH server "OpenSSH ver. 3.6.1" using public key from Smart
> Card certificate causes the following errors in "/var/log/auth/errors":
> .............
> sshd[1224] error: bad decrypted len: 36 != 20 + 15
> sshd[1227] error: bad decrypted len: 36 != 20 + 15
> .............
>
> I sent a letter about this to SecureNetTerm and here is the answer:
>
> > OpenSSH 3.6.1 is a little braindead when it comes to proper operation of
> Certificates.
> > All you have to do is edit the OpenSSL file ssh-rsa.c and comment out
> lines 250-252.
> > This is a redundant length check that is not technically correct. The
> OpenSSH team is
> > aware of the problem but don't care since they have no idea how to use
> certificates.
>
> Would You please comment on this or FIX this issue ?
>
> Best regards
> Stefan Hadjistoytchev
>
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
More information about the openssh-unix-dev
mailing list