corrupt client keys question

Pete Flugstad peteflugstad at mchsi.com
Fri Nov 14 11:07:38 EST 2003


Jim Knoble wrote:
> You sure you're not running ssh-agent with the (uncorrupted) key added
> to it?

yes, no SSH-agent running.

> Can you reproduce this behavior on a -t rsa key that has a passphrase?

Seems I can, which really scares me.  Here are the files I'm working 
with.  rsa-pass is freshly generated with "ssh-keygen -t rsa" and I 
used a passphrase (not a good one, but I used one):

> [pete at taz tmp]$ ll
> total 16
> -rw-------    1 pete     pete          963 Nov 13 17:50 rsa-pass
> -rw-------    1 pete     pete          963 Nov 13 17:52 rsa-pass-corrupt
> -rw-------    1 pete     pete          218 Nov 13 17:51 rsa-pass-corrupt.pub
> -rw-------    1 pete     pete          218 Nov 13 17:50 rsa-pass.pub
> [pete at taz tmp]$ cat rsa-pass
> -----BEGIN RSA PRIVATE KEY-----
> Proc-Type: 4,ENCRYPTED
> DEK-Info: DES-EDE3-CBC,210DCA300E488E36
> 
> r/oN1b4kfcCNX/8PtIe8yK6KdNXguSBX5W4OdbBhBaMKekhazj0QDLPdknwZyPUk
> RN3oYZt+dL/HmioK+djoIKL0ZjloiJshNnzVNL8edTLQrIgeptNRausEakjq8gyn
> P5WwMQqocdmq3c/ANcJEesi+rhrtiAm7MfHO5hKoBUhT17guhIY1DC2CzWbFa+hl
> m1cM2+mmemqGMFkW8kZWqf9GPCzGyVWk6qbIWPLq2LplvJuGIrZiBY839juuN2/0
> g4FEUvgWmjW2+kOvsrr2rGY7okCDV7BF6Du0xURqVpW34Y+iP+yl7QSfZsRSAP1R
> 7sMIvYx6gZaqfba0C3FDTNI+f4Zl126OpZBSdRY2Mn1/VW7FDN5GCH/L7xdVhlYr
> DXJILsdArI03SPIVyMbQcSjepLtHywvSMY8Iw4vm5St1S9Zmr2MUeICgui9TZ3RQ
> ji2+q3fM2WETGNm+PWP5eW96Sxd0AAz9AO55l8SGbXnMwMgtIj3+nrIquK3eatsu
> xetIognL/tQJG4nO1umM4cs6IM8XdaeyZeUQayGq55mqOIhj0nASD4sWTRlVZPIx
> K2Lti+u1ZKcBBkKaNIIY2ceMvsiL3PMNV1m3o2Es691WBCXtaXxoq28qJcjiXAvx
> DzV9itbV9Ic1h6u7QnAHjk4OhnbQk83C3l6Ww+3/IfoGeCngL4DFA2/W2ABPLJcJ
> 6EYdvAO5LqAvATA2WjaXexTIIQiRqtIoj3XOVsJ8cnyID8DY+bHRKIGOsRQc7TMf
> o13PSOo5fl4fPaeqwPVJD+9KkWPyWQ+wDWb2gfEgiNSKqmcxlhXpRA==
> -----END RSA PRIVATE KEY-----

I copied rsa-pass to rsa-pass-corrupt, then edited it, changing a
few characters from upper to lower case:

> [pete at taz tmp]$ diff rsa-pass rsa-pass-corrupt
> 14c14
> < K2Lti+u1ZKcBBkKaNIIY2ceMvsiL3PMNV1m3o2Es691WBCXtaXxoq28qJcjiXAvx
> ---
>> k2lti+u1ZKcBBkKaNIIY2ceMvsiL3PMNV1m3o2Es691WBCXtaXxoq28qJcjiXAvx

I can verify that the rsa key is OK and rsa-pass-corrupt key is bogus:

 > [pete at taz tmp]$ openssl rsa -check -in rsa-pass
 > Enter pass phrase for rsa-pass:
 > RSA key ok
 > writing RSA key
 > -----BEGIN RSA PRIVATE KEY-----
 > MIICXAIBAAKBgQC07DC7+w+8xMkmRF4O+f4NF0kKJlzKtd2Q86Cw/SXeq63TZwjD
 > FwyHyxje3713ccb2D9y7GRMFfNHQWvuYRDvp6gZiT3Z1nuNX7bsZ7yWY3FwFql37
 > nC6H28dReon7ipWKXWGQITl8lwUos3zkLTztmaF8q+Plvsdm3AMwXyRuGQIBIwKB
 > gQCqlY0JAqhwJ0FP91Fek++Ir44CQW1uq3kiRMq1gPfR8lNvjQhC6didSnaI/tc2
 > GtGI6mJnQ4b2i6FAys/19zEraUXyHwQYmnfgaNZ2am/Ru8BVl5qzBJYqf8amEukP
 > Avl1WwtQt0+u7OKzN0quzDyii7takYsp0pMkMU290vHaewJBAO5fypNUZaawK221
 > y3naumNrjvrcLlPewNu6E4Q0ZJLpUYOpdxkQ/wXHcLw/ANnk0OUYk9z1AAhhr7A6
 > ESHXIV0CQQDCTOSD9u4eER91rXuISKLv3qeK1fgkarEytqzahTG2dRl5KDfJnazE
 > i1b6qNxbsvQv2Xk8U4rPTYkHAk4nRQftAkAUbpxVxWfMdYAQt8+cuvoIhY/pndgV
 > 0UO7D/MLVPKtgbaHoM+xsP/qjXAQIqhNMN60jRP8/w6hofkdu9WVL7JnAkEAhTwK
 > aR5aIz7xADxx9w08hzmXdSUB7RX12aHVnSgiFrayYbUtkZCw+81C9QYTchRPq8hT
 > Ig1mf4Wfykq5P3/K6wJBAK74oVXD+oYXPBWdqNQpq7EuOGW+jmnOM1aS312pJZ+h
 > 0LmZkA0djBpSEjwHjcOVEBHVRXz5VgOEOb2EfvMulTw=
 > -----END RSA PRIVATE KEY-----
 > [pete at taz tmp]$ openssl rsa -check -in rsa-pass-corrupt
 > Enter pass phrase for rsa-pass-corrupt:
 > RSA key error: dmp1 not congruent to d
 > writing RSA key
 > -----BEGIN RSA PRIVATE KEY-----
 > MIICXAIBAAKBgQC07DC7+w+8xMkmRF4O+f4NF0kKJlzKtd2Q86Cw/SXeq63TZwjD
 > FwyHyxje3713ccb2D9y7GRMFfNHQWvuYRDvp6gZiT3Z1nuNX7bsZ7yWY3FwFql37
 > nC6H28dReon7ipWKXWGQITl8lwUos3zkLTztmaF8q+Plvsdm3AMwXyRuGQIBIwKB
 > gQCqlY0JAqhwJ0FP91Fek++Ir44CQW1uq3kiRMq1gPfR8lNvjQhC6didSnaI/tc2
 > GtGI6mJnQ4b2i6FAys/19zEraUXyHwQYmnfgaNZ2am/Ru8BVl5qzBJYqf8amEukP
 > Avl1WwtQt0+u7OKzN0quzDyii7takYsp0pMkMU290vHaewJBAO5fypNUZaawK221
 > y3naumNrjvrcLlPewNu6E4Q0ZJLpUYOpdxkQ/wXHcLw/ANnk0OUYk9z1AAhhr7A6
 > ESHXIV0CQQDCTOSD9u4eER91rXuISKLv3qeK1fgkarEytqzahTG2dRl5KDfJnazE
 > i1b6qNxbsvQv2Xk8U4rPTYkHAk4nRQftAkAUbpxVxWfMdYAQt8+cuvoIhY/pndgV
 > XP7Sv4nQO2kVijaHoM+xsP/qjXAQIqhNMN60jRP8/w6hofkdu9WVL7JnAkEAhTwK
 > aR5aIz7xADxx9w08hzmXdSUB7RX12aHVnSgiFrayYbUtkZCw+81C9QYTchRPq8hT
 > Ig1mf4Wfykq5P3/K6wJBAK74oVXD+oYXPBWdqNQpq7EuOGW+jmnOM1aS312pJZ+h
 > 0LmZkA0djBpSEjwHjcOVEBHVRXz5VgOEOb2EfvMulTw=
 > -----END RSA PRIVATE KEY-----

I added rsa-pass.pub to my ~/.ssh/authorized_keys and then tried to 
log in with rsa-pass:

> [pete at taz tmp]$ ssh -v localhost -i rsa-pass
> OpenSSH_3.6.1p2 Debian 1:3.6.1p2-9, SSH protocols 1.5/2.0, OpenSSL 0x0090703f
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Rhosts Authentication disabled, originating port will not be trusted.
> debug1: Connecting to localhost [127.0.0.1] port 22.
> debug1: Connection established.
> debug1: identity file rsa-pass type 1
> debug1: Remote protocol version 1.99, remote software version OpenSSH_3.6.1p2 Debian 1:3.6.1p2-9
> debug1: match: OpenSSH_3.6.1p2 Debian 1:3.6.1p2-9 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2 Debian 1:3.6.1p2-9
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host 'localhost' is known and matches the RSA host key.
> debug1: Found key in /home/pete/.ssh/known_hosts:21
> debug1: ssh_rsa_verify: signature correct
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey,password,keyboard-interactive
> debug1: Next authentication method: publickey
> debug1: Offering public key: rsa-pass
> debug1: Server accepts key: pkalg ssh-rsa blen 149 lastkey 0x80888a0 hint 0
> debug1: PEM_read_PrivateKey failed
> debug1: read PEM private key done: type <unknown>
> Enter passphrase for key 'rsa-pass':
> debug1: read PEM private key done: type RSA
> debug1: Authentication succeeded (publickey).
> debug1: channel 0: new [client-session]
> debug1: Entering interactive session.
> debug1: channel 0: request pty-req
> debug1: channel 0: request shell
> debug1: channel 0: open confirm rwindow 0 rmax 32768
> Linux taz 2.6.0-test9 #2 SMP Mon Oct 27 17:02:15 CST 2003 i686 GNU/Linux
> No mail.
> Last login: Thu Nov 13 17:56:20 2003 from taz
> [pete at taz pete]$ <Ctrl-D>
> debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
> debug1: channel 0: rcvd eof
> debug1: channel 0: output open -> drain
> debug1: channel 0: obuf empty
> debug1: channel 0: close_write
> debug1: channel 0: output drain -> closed
> debug1: channel 0: rcvd close
> debug1: channel 0: close_read
> debug1: channel 0: input open -> closed
> debug1: channel 0: almost dead
> debug1: channel 0: gc: notify user
> debug1: channel 0: gc: user detached
> debug1: channel 0: send close
> debug1: channel 0: is dead
> debug1: channel 0: garbage collecting
> debug1: channel_free: channel 0: client-session, nchannels 1
> Connection to localhost closed.
> debug1: Transferred: stdin 0, stdout 0, stderr 33 bytes in 15.5 seconds
> debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 2.1
> debug1: Exit status 0
> [pete at taz tmp]$

Now with the corrupt key:

> [pete at taz tmp]$ ssh -v localhost -i rsa-pass-corrupt
> OpenSSH_3.6.1p2 Debian 1:3.6.1p2-9, SSH protocols 1.5/2.0, OpenSSL 0x0090703f
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Rhosts Authentication disabled, originating port will not be trusted.
> debug1: Connecting to localhost [127.0.0.1] port 22.
> debug1: Connection established.
> debug1: identity file rsa-pass-corrupt type 1
> debug1: Remote protocol version 1.99, remote software version OpenSSH_3.6.1p2 Debian 1:3.6.1p2-9
> debug1: match: OpenSSH_3.6.1p2 Debian 1:3.6.1p2-9 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2 Debian 1:3.6.1p2-9
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host 'localhost' is known and matches the RSA host key.
> debug1: Found key in /home/pete/.ssh/known_hosts:21
> debug1: ssh_rsa_verify: signature correct
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey,password,keyboard-interactive
> debug1: Next authentication method: publickey
> debug1: Offering public key: rsa-pass-corrupt
> debug1: Server accepts key: pkalg ssh-rsa blen 149 lastkey 0x80888e0 hint 0
> debug1: PEM_read_PrivateKey failed
> debug1: read PEM private key done: type <unknown>
> Enter passphrase for key 'rsa-pass-corrupt':
> debug1: read PEM private key done: type RSA
> debug1: Authentication succeeded (publickey).
> debug1: channel 0: new [client-session]
> debug1: Entering interactive session.
> debug1: channel 0: request pty-req
> debug1: channel 0: request shell
> debug1: channel 0: open confirm rwindow 0 rmax 32768
> Linux taz 2.6.0-test9 #2 SMP Mon Oct 27 17:02:15 CST 2003 i686 GNU/Linux
> No mail.
> Last login: Thu Nov 13 17:56:35 2003 from taz
> [pete at taz pete]$ <Ctrl-D >
> debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
> debug1: channel 0: rcvd eof
> debug1: channel 0: output open -> drain
> debug1: channel 0: obuf empty
> debug1: channel 0: close_write
> debug1: channel 0: output drain -> closed
> debug1: channel 0: rcvd close
> debug1: channel 0: close_read
> debug1: channel 0: input open -> closed
> debug1: channel 0: almost dead
> debug1: channel 0: gc: notify user
> debug1: channel 0: gc: user detached
> debug1: channel 0: send close
> debug1: channel 0: is dead
> debug1: channel 0: garbage collecting
> debug1: channel_free: channel 0: client-session, nchannels 1
> Connection to localhost closed.
> debug1: Transferred: stdin 0, stdout 0, stderr 33 bytes in 51.3 seconds
> debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.6
> debug1: Exit status 0
> [pete at taz tmp]$

I reinstalled SSHD from the Debian archives to make sure I'm not 
running some kind of bogus SSH server and it still works.  I'd be 
surprised if this had happened as I tend to be pretty careful and 
pretty aware of what's going on with this box.  And, I've reproduced 
this behavior on our SSH port to vxWorks (which is where it came up in 
the first place).

I can corrupt the key to the point where the ASN1 parse fails:

> [pete at taz tmp]$ diff rsa-pass rsa-pass-corrupt2
> 10c10
> < 7sMIvYx6gZaqfba0C3FDTNI+f4Zl126OpZBSdRY2Mn1/VW7FDN5GCH/L7xdVhlYr
> ---
>> 7smivyx6gzaqfba0c3fdtni+f4zl126opzbsdry2mn1/vw7fdn5gch/L7xdVhlYr
> 13,14c13,14
> < xetIognL/tQJG4nO1umM4cs6IM8XdaeyZeUQayGq55mqOIhj0nASD4sWTRlVZPIx
> < K2Lti+u1ZKcBBkKaNIIY2ceMvsiL3PMNV1m3o2Es691WBCXtaXxoq28qJcjiXAvx
> ---
>> xetIognL/tQJG4nO1umM4cs6IM8Xdaeyzeuqaygq55mqoihj0nasd4swtrlvzpix
>> k2lti+u1ZKcBBkKaNIIY2ceMvsiL3PMNV1m3o2Es691WBCXtaXxoq28qJcjiXAvx

Then of course it doesn't work (as expected):

> [pete at taz tmp]$ openssl rsa -check -in rsa-pass-corrupt2
> Enter pass phrase for rsa-pass-corrupt2:
> unable to load Private Key
> 29272:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:140:
> 29272:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:935:
> 29272:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:628:
> 29272:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_D2I:nested asn1 error:tasn_dec.c:566:Field=p, Type=RSA
> 29272:error:0D09A00D:asn1 encoding routines:d2i_PrivateKey:ASN1 lib:d2i_pr.c:96:
> 29272:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_pkey.c:117:

> [pete at taz tmp]$ ssh -v localhost -i rsa-pass-corrupt2
> OpenSSH_3.6.1p2 Debian 1:3.6.1p2-9, SSH protocols 1.5/2.0, OpenSSL 0x0090703f
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Rhosts Authentication disabled, originating port will not be trusted.
> debug1: Connecting to localhost [127.0.0.1] port 22.
> debug1: Connection established.
> debug1: identity file rsa-pass-corrupt2 type -1
> debug1: Remote protocol version 1.99, remote software version OpenSSH_3.6.1p2 Debian 1:3.6.1p2-9
> debug1: match: OpenSSH_3.6.1p2 Debian 1:3.6.1p2-9 pat OpenSSH*
> debug1: Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2 Debian 1:3.6.1p2-9
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host 'localhost' is known and matches the RSA host key.
> debug1: Found key in /home/pete/.ssh/known_hosts:21
> debug1: ssh_rsa_verify: signature correct
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey,password,keyboard-interactive
> debug1: Next authentication method: publickey
> debug1: Trying private key: rsa-pass-corrupt2
> debug1: PEM_read_PrivateKey failed
> debug1: read PEM private key done: type <unknown>
> Enter passphrase for key 'rsa-pass-corrupt2':
> debug1: PEM_read_PrivateKey failed
 > <Ctrl-C>

This is mighty strange.  I'm still wondering if I've been rooted...
If so, it's exceedingly well done.

Pete





More information about the openssh-unix-dev mailing list