Problem/bug report for "bad decrypted len" error in OpenSSH
Stefan Hadjistoytchev
sth at hq.bsbg.net
Fri Jun 13 22:59:56 EST 2003
Should I report it to BugZilla ?
Stefan
----- Original Message -----
From: "Markus Friedl" <markus at openbsd.org>
To: "Stefan Hadjistoytchev" <sth at hq.bsbg.net>
Cc: <openssh-unix-dev at mindrot.org>
Sent: Friday, June 13, 2003 10:54 AM
Subject: Re: Problem/bug report for "bad decrypted len" error in OpenSSH
> no, we have no idea how to use certificates.
>
> i don't see a bugzilla bug for this, so how can we be aware?
>
> On Fri, Jun 13, 2003 at 09:04:01AM +0300, Stefan Hadjistoytchev wrote:
> > Hi!
> > I think lines between 250-252 in file ssh-rsa.c in OpenSSH source code
> > should be commented ! ! !
> >
> > REASON:
> > Using "SecureNetTerm Client" ( http://www.securenetterm.com/ ) with
> > "SecureKeyAgent" ver. 5.4.2.4 ( Or same is with Putty + SecureKeyAgent )
to
> > connect to OpenSSH server "OpenSSH ver. 3.6.1" using public key from
Smart
> > Card certificate causes the following errors in "/var/log/auth/errors":
> > .............
> > sshd[1224] error: bad decrypted len: 36 != 20 + 15
> > sshd[1227] error: bad decrypted len: 36 != 20 + 15
> > .............
> >
> > I sent a letter about this to SecureNetTerm and here is the answer:
> >
> > > OpenSSH 3.6.1 is a little braindead when it comes to proper operation
of
> > Certificates.
> > > All you have to do is edit the OpenSSL file ssh-rsa.c and comment out
> > lines 250-252.
> > > This is a redundant length check that is not technically correct. The
> > OpenSSH team is
> > > aware of the problem but don't care since they have no idea how to use
> > certificates.
> >
> > Would You please comment on this or FIX this issue ?
> >
> > Best regards
> > Stefan Hadjistoytchev
> >
> >
> > _______________________________________________
> > openssh-unix-dev mailing list
> > openssh-unix-dev at mindrot.org
> > http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>
>
More information about the openssh-unix-dev
mailing list