bug(?) with OpenSSH 4.4+ and large DSA ID keys
Darren Tucker
dtucker at zip.com.au
Fri Feb 9 14:19:25 EST 2007
downtime at slagheap.net wrote:
> Please pardon me if this is the wrong place, or operator error/
> retardation is involved. Any help is sincerely appreciated.
>
> fatal: mm_request_receive_expect: read: rtype 12 != type 24
That's a symptom of the bug fixed just before the release of OpenSSH 4.5
(where the monitor and slave get out of sync). I suggest that you
upgrade the (other) servers.

The reason for the different behaviour on some hosts is that it's
dependent on the OpenSSL library version (newer versions will refuse to
process DSA keys > ~3k). This means that your big keys still won't
work, but the server won't kill the connections either. Big DSA keys
don't really make sense for SSH so if you want big keys I suggest you
use RSA.

The "unknown key type" client debug messages are normal.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
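
An added example, not part of the original post and not OpenSSH code: one way to find the oversized DSA keys the reply refers to is to decode each public key blob in an authorized_keys file and measure the modulus. The 3072-bit threshold is an assumption standing in for the "~3k" in the post; the function names and the sample keys are constructed for illustration.

```python
import base64

DSA_MAX_BITS = 3072  # assumption standing in for the "~3k" limit in the post

def _read_string(blob, off):
    """Read one RFC 4251 string (uint32 length + body); return (body, next offset)."""
    end = off + 4 + int.from_bytes(blob[off:off + 4], "big")
    if off + 4 > len(blob) or end > len(blob):
        raise ValueError("truncated field")
    return blob[off + 4:end], end

def key_bits(line):
    """Return (key type, modulus bits) for an ssh-dss or ssh-rsa public key line."""
    fields = line.split()  # any options prefix ends up in the fields before the type
    idx = next((i for i, f in enumerate(fields) if f in ("ssh-dss", "ssh-rsa")), None)
    if idx is None or idx + 1 >= len(fields):
        raise ValueError("no ssh-dss/ssh-rsa key on this line")
    blob = base64.b64decode(fields[idx + 1])
    name, off = _read_string(blob, 0)
    if name != fields[idx].encode():
        raise ValueError("key type inside the blob does not match the line")
    num, off = _read_string(blob, off)      # ssh-dss: p comes first (p, q, g, y)
    if name == b"ssh-rsa":
        num, off = _read_string(blob, off)  # ssh-rsa: n comes second (e, n)
    return fields[idx], int.from_bytes(num, "big").bit_length()

def audit(lines, max_dsa_bits=DSA_MAX_BITS):
    """Return [(line number, bits)] for each DSA key larger than max_dsa_bits."""
    hits = []
    for no, line in enumerate(lines, 1):
        try:
            ktype, bits = key_bits(line)
        except ValueError:  # comments, other key types and malformed lines
            continue
        if ktype == "ssh-dss" and bits > max_dsa_bits:
            hits.append((no, bits))
    return hits

def make_line(ktype, ints, comment):
    """Build a constructed, non-functional key line (sample data only)."""
    parts = [ktype.encode()] + [n.to_bytes(n.bit_length() // 8 + 1, "big") for n in ints]
    blob = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return f"{ktype} {base64.b64encode(blob).decode()} {comment}"

SAMPLE = [  # constructed authorized_keys lines; the numbers are not real keys
    make_line("ssh-dss", [(1 << 1023) | 1, (1 << 159) | 1, 2, 3], "small-dsa"),
    make_line("ssh-dss", [(1 << 4095) | 1, (1 << 159) | 1, 2, 3], "big-dsa"),
    make_line("ssh-rsa", [65537, (1 << 4095) | 1], "big-rsa"),
]
```

Calling audit() on the lines of a real authorized_keys file returns the line numbers of the DSA keys to replace; the 4096-bit RSA key in the sample is not flagged.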