ssh2 key passphrase problems in 2.9.9 on Linux
Damien Miller
djm at mindrot.org
Fri Sep 28 20:04:36 EST 2001
On Thu, 27 Sep 2001, Phil Stracchino wrote:
> I have finally managed to isolate this down to the following: For SSH2
> DSA and RSA keys, the OpenSSL PEM_read_PrivateKey() macro, called from
> authfile.c line 448:
>
> pk = PEM_read_PrivateKey(fp, NULL, NULL, (char *)passphrase);
>
> is consistently failing and always returns NULL, whereas it should be
> returning an EVP_PKEY struct with pk->type containing either EVP_PKEY_RSA
> or EVP_PKEY_DSA. As far as I can see from the OpenSSL code, this means
> that BIO_new(BIO_s_file()) has to be returning NULL, but that's as far as
> I can figure it out; the internals of OpenSSL are utterly impenetrable to
> me.
>
> Any suggestions, anyone? I think I've taken this problem about as far as
> I can diagnose it myself.

Have you ruled out corruption of the keyfile itself?

Did OpenSSL pass its own self-tests?

When you compiled OpenSSL or OpenSSH, did you have any old OpenSSL header
files lying around? These are a frequent cause of weird problems.

You could try putting a printf() before the above call to see if the
correct passphrase is getting passed to OpenSSL.

-d

--
| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org / distributed filesystem'' - Dan Geer
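
One way to act on the first suggestion above (ruling out keyfile corruption) before suspecting PEM_read_PrivateKey() itself, as an added example that is not part of the original message and is not OpenSSH or OpenSSL code. The names pem_check and enum pem_status are hypothetical, the sample key text is constructed, and the check covers only the PEM armor (BEGIN/END lines, encryption headers, base64 body), not the key material.

```c
/* Added example: structural check of a traditional PEM private key, no OpenSSL. */
#include <stdio.h>
#include <string.h>

enum pem_status { PEM_OK, PEM_NO_BEGIN, PEM_NO_END, PEM_LABEL_MISMATCH,
                  PEM_ENC_NO_DEKINFO, PEM_BAD_BASE64 };

/* pem_check is a hypothetical helper name. It sets *encrypted when the
 * "Proc-Type: 4,ENCRYPTED" header is present (passphrase-protected key). */
enum pem_status pem_check(const char *text, int *encrypted)
{
    static const char b64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
        "abcdefghijklmnopqrstuvwxyz0123456789+/=";
    char label[64], end[96] = "", line[128];
    int in_body = 0, proc = 0, dek = 0;
    size_t chars = 0;
    *encrypted = 0;
    while (*text) {
        size_t n = strcspn(text, "\n");
        if (n >= sizeof line) return PEM_BAD_BASE64;    /* over-long line */
        memcpy(line, text, n); line[n] = '\0';
        text += n + (text[n] == '\n');
        if (n && line[n - 1] == '\r') line[--n] = '\0'; /* tolerate CRLF */
        if (!in_body) {                                 /* skip any preamble */
            in_body = sscanf(line, "-----BEGIN %63[A-Z0-9 ]-----", label) == 1;
            if (in_body) snprintf(end, sizeof end, "-----END %s-----", label);
        } else if (strncmp(line, "-----END ", 9) == 0) {
            if (strcmp(line, end) != 0) return PEM_LABEL_MISMATCH;
            if (proc && !dek) return PEM_ENC_NO_DEKINFO; /* cipher/IV header lost */
            if (chars == 0 || chars % 4 != 0) return PEM_BAD_BASE64;
            *encrypted = proc;
            return PEM_OK;
        } else if (strchr(line, ':')) {                 /* "Name: value" header */
            proc |= strncmp(line, "Proc-Type: 4,ENCRYPTED", 22) == 0;
            dek  |= strncmp(line, "DEK-Info: ", 10) == 0;
        } else if (n) {                                 /* base64 body line */
            if (strspn(line, b64) != n) return PEM_BAD_BASE64;
            chars += n;
        }
    }
    return in_body ? PEM_NO_END : PEM_NO_BEGIN;         /* truncated or not PEM */
}

int main(void)
{
    /* Constructed sample, not a real key: file cut off before the END line. */
    int enc;
    return pem_check("-----BEGIN RSA PRIVATE KEY-----\nQUJDREVGR0g=\n", &enc)
           != PEM_NO_END;                               /* exit 0 if detected */
}
```

A file that passes this check can still fail to load (wrong passphrase, damaged but well-formed base64), so a PEM_OK result only rules out the armor-level kinds of corruption.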