buffer_get_bignum2: negative numbers not supported

Peter Koch spam.pkoch at dfgh.net
Sat Nov 27 22:08:30 EST 2004


Hi

I have added smartcard support to PuTTY and this worked fine
until yesterday when we replaced one of our Slackware-9 machines
by a Slackware-10 one.

Slackware-9 contained OpenSSH 3.5p1 while Slackware-10 has
OpenSSH 3.8.1p1.

Now the same keys that worked before do not work anymore and
OpenSSH fails with
buffer_get_bignum2: negative numbers not supported

I first suspected that my smartcard modifications were the reason
and I double-checked the way I deliver the smartcard's public
key to PuTTY. Maybe I forgot to prepend a 0x00 byte to a
modulus starting with 0x80. But I did not.

Here's the relevant output from sshd -ddd:

debug1: userauth-request for user root service ssh-connection method publickey
debug1: attempt 1 failures 1
debug2: input_userauth_request: try method publickey
debug1: test whether pkalg/pkblob are acceptable
debug3: mm_key_allowed entering
debug3: mm_request_send entering: type 20
debug3: monitor_read: checking request 20
debug3: mm_answer_keyallowed entering
debug3: mm_answer_keyallowed: key_from_blob: 0x8098168
debug1: temporarily_use_uid: 0/0 (e=0/0)
debug1: trying public key file /etc/ssh/authorized_keys.root
debug3: secure_filename: checking '/etc/ssh'
debug3: secure_filename: checking '/etc'
debug3: secure_filename: checking '/'

buffer_get_bignum2: negative numbers not supported

debug1: do_cleanup
debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED
debug3: mm_request_receive_expect entering: type 21
debug3: mm_request_receive entering
debug1: do_cleanup


And here's the relevant output from PuTTY's logfile:

Event Log: Pageant is running. Requesting keys.
Event Log: Pageant has 1 SSH2 keys
Event Log: Trying Pageant key #0
Outgoing packet type 50 / 0x32 (SSH2_MSG_USERAUTH_REQUEST)
00000000 00 00 00 04 72 6f 6f 74 00 00 00 0e 73 73 68 2d ....root....ssh-
00000010 63 6f 6e 6e 65 63 74 69 6f 6e 00 00 00 09 70 75 connection....pu
00000020 62 6c 69 63 6b 65 79 00 00 00 00 07 73 73 68 2d blickey.....ssh-
00000030 72 73 61 00 00 00 98 00 00 00 07 73 73 68 2d 72 rsa........ssh-r
00000040 73 61 00 00 00 04 40 00 00 81 00 00 00 81 00 8b sa....@.........
00000050 b2 9f 59 54 a9 6e 07 fd 50 bf 59 e1 b5 f3 a8 5d ..YT.n..P.Y....]
00000060 c5 60 df 39 58 ac 96 23 79 5d 75 c3 6b 3b e4 dd .`.9X..#y]u.k;..
00000070 21 42 4d be e7 e6 a5 d2 28 f1 3c f0 6d 77 3e b6 !BM.....(.<.mw>.
00000080 14 08 5d b6 d5 b1 7f 8a 13 6f 2e d7 00 bf 86 84 ..]......o......
00000090 a8 ac 22 01 2a 1f d9 5b 52 5a ff fa fc 1f e0 45 ..".*..[RZ.....E
000000a0 f1 e2 96 a6 20 da d7 94 2d 90 96 27 65 0f a1 be .... ...-..'e...
000000b0 6a 08 f5 bb fb 02 be 4a 07 80 cf cd 22 f0 40 2a j......J....".@*
000000c0 4a 61 f2 19 5d 9c 1e 1e 79 22 e9 c5 57 9d df Ja..]...y"..W..

As you can see the public key contained in the UserAuth-Request
is properly formatted. Public exponent is 40:00:00:81 (positive number)
and public modulus is 00:8b:b2....8d:df (also positive number)

So what's going on here? Since this is happening with my modified
PuTTY only, there may be something special with our smartcard
keys. The public exponent 40:00:00:81 is one that a "normal"
PuTTY-user would never use. But it worked with OpenSSH 3.5p1.

Any ideas?? The next thing I will try is to recompile OpenSSH 3.8.1p1
and add more debug output to buffer_get_bignum2 so I can find
out what number OpenSSH thinks is a negative one. If that does
not help I probably must remove the negative-number check.

But that's only a dirty workaround since our users could contact
our own OpenSSH servers only.

Peter Koch, (spam.pkoch at dfgh.net please replace spam by openssh)
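
An added example, not part of the original post and not OpenSSH or PuTTY code: a small checker that parses an ssh-rsa public key blob and classifies each mpint by the RFC 4251 two's-complement rule, showing the 0x00-prefix case the post double-checks. It assumes a strict reader rejects any mpint whose first byte has the high bit set; the function names are hypothetical and the modulus bytes are constructed filler, only the exponent 40:00:00:81 and the leading 0x8b come from the post.

```python
import struct

def read_string(buf, off):
    """Read an RFC 4251 'string': uint32 length, then that many bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string body")
    return buf[off:off + n], off + n

def mpint_status(raw):
    """Classify an mpint body as a strict two's-complement reader sees it."""
    if not raw:
        return "zero"
    if raw[0] & 0x80:
        return "negative"        # high bit of first byte set
    if raw[0] == 0 and (len(raw) == 1 or not raw[1] & 0x80):
        return "non-minimal"     # leading 0x00 that was not needed
    return "positive"

def check_rsa_blob(blob):
    """Parse string "ssh-rsa", mpint e, mpint n and report on both mpints."""
    alg, off = read_string(blob, 0)
    if alg != b"ssh-rsa":
        raise ValueError("not an ssh-rsa blob")
    e, off = read_string(blob, off)
    n, off = read_string(blob, off)
    if off != len(blob):
        raise ValueError("trailing bytes after modulus")
    return {"e": (e.hex(), mpint_status(e)), "n_len": len(n), "n": mpint_status(n)}

def pack(*fields):
    """Encode each field as an RFC 4251 string and concatenate."""
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)

# Constructed sample: exponent as quoted in the post, modulus is filler bytes.
E = bytes.fromhex("40000081")
N = b"\x8b" + b"\x11" * 127               # 1024-bit value, top bit set
GOOD = pack(b"ssh-rsa", E, b"\x00" + N)   # 0x00 prepended, 0x81-byte mpint
BAD = pack(b"ssh-rsa", E, N)              # no 0x00: reads as negative

if __name__ == "__main__":
    for name, blob in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, len(blob), check_rsa_blob(blob))
```

The same function can be pointed at the base64-decoded key field of an authorized_keys line to check the server-side copy of the key with the same rule.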