Problem/bug report for "bad decrypted len" error in

Stefan Hadjistoytchev sth at
Wed Jun 18 17:35:37 EST 2003

Additional information:

1. Linux (sshd server ) ( same on AIX or other distributions )
a) Distibution: Trustix Secure Linux 2.0 beta 3
b) OpenSSH 3.6.1: |
c) sshd_config:
    Port 22
    Protocol 2
    PermitRootLogin no
    PubkeyAuthentication yes
    AuthorizedKeysFile .ssh/authorized_keys
    RhostsAuthentication no
    RhostsRSAAuthentication no
    HostbasedAuthentication no
    PasswordAuthentication no
    PermitEmptyPasswords no
    Subsystem sftp /usr/libexec/ssh/sftp-server

2. Windows ( ssh client )
a) Version: 2000/XP/98
b) SSH clients: Putty Release 0.53
( | SecureNetTerm
c) Smartcard Agent: Secure KeyAgent ( part of SecureNetTerm
( )
d) SmartCard Reader: Omnikey CardMan 1010 ( ) driver
e) SmartCard: Utimaco ( ) (SETEC | SETCOS based )
f) Smartcard CSP: Utimaco CSP ver.41121
f) Certificate (incl. public - private key)  generated on smart-card

Card certificate(public-private key auth) causes the following errors in
    sshd[1224] error: bad decrypted len: 36 != 20 + 15
    sshd[1227] error: bad decrypted len: 36 != 20 + 15

Extra byte is 00 i think :(

Comments on this error from SecureNetTerm team:
> OpenSSH 3.6.1 is a little braindead when it comes to proper operation of
> All you have to do is edit the OpenSSL file ssh-rsa.c and comment out
lines 250-252.
> This is a redundant length check that is not technically correct.  The
OpenSSH team is
> aware of the problem but don't care since they have no idea how to use

If anyone requires additional information - just let me know :)

Best regards
    Stefan Hadjistoytchev
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2929 bytes
Desc: not available
Url : 

More information about the openssh-unix-dev mailing list