corrupt client keys question
Jim Knoble
jmknoble at pobox.com
Fri Nov 14 06:50:12 EST 2003
Circa 2003-11-13 09:22:10 -0600 dixit Pete Flugstad:
: summary: I have a situation in which a private RSA key has been
: corrupted, but it's still possible to log into a SSH server using that
: file. This is with OpenSSH 3.6.1p2 Debian.
:
: I have a SSH public/private key pair generated with "ssh-keygen -t
: rsa". I can use the private key to successfully log into a SSH server
: which has the public key in it's the authorized_keys file.
:
: I can also make a copy of the SSH private key, edit the file and
: change some characters, such as making them lowercase. Assuming that
: the ssh client will still read the file (which depends on where the
: file is corrupted) I can still use this corrupted file and STILL
: successfully log into the SSH server.
:
: Running openssl rsa -check on the corrupted private confirms it's corrupt:
:
: > $ openssl rsa -in rsa-corrupt1 -check
: > RSA key error: dmp1 not congruent to d
: > ...
: > $
:
: I can understand the SSH client not checking that the private key is
: valid, but I would expect that this would be uncovered when the SSH
: server attempts to verify the signature?
:
: Anyone got a clue on how this is working, or am I just getting lucky
: on which part of the SSH private key I corrupt is not used for the
: signature?
You sure you're not running ssh-agent with the (uncorrupted) key added
to it?
Can you reproduce this behavior on a -t rsa key that has a passphrase?
--
jim knoble | jmknoble at pobox.com | http://www.pobox.com/~jmknoble/
(GnuPG fingerprint: 31C4:8AAC:F24E:A70C:4000::BBF4:289F:EAA8:1381:1491)
"We have guided missiles and misguided men." --Martin Luther King, Jr.
More information about the openssh-unix-dev
mailing list