ssh2 key passphrase problems in 2.9.9 on Linux
Phil Stracchino
alaric at babcom.com
Sat Sep 29 02:07:56 EST 2001
On Fri, Sep 28, 2001 at 08:04:36PM +1000, Damien Miller wrote:
> On Thu, 27 Sep 2001, Phil Stracchino wrote:
>
> > I have finally managed to isolate this down to the following: For SSH2
> > DSA and RSA keys, the OpenSSL PEM_read_PrivateKey() macro, called from
> > authfile.c line 448:
> >
> > pk = PEM_read_PrivateKey(fp, NULL, NULL, (char *)passphrase);
> >
> > is consistently failing and always returns NULL, whereas it should be
> > returning an EVP_PKEY struct with pk->type containing either EVP_PKEY_RSA
> > or EVP_PKEY_DSA. As far as I can see from the OpenSSL code, this means
> > that BIO_new(BIO_s_file()) has to be returning NULL, but that's as far as
> > I can figure it out; the internals of OpenSSL are utterly impenetrable to
> > me.
> >
> > Any suggestions, anyone? I think I've taken this problem about as far as
> > I can diagnose it myself.
>
> Have you ruled out corruption of the keyfile itself?

I have. The keyfile works fine on the Solaris machine next to me.

> Did OpenSSL pass its own self-tests?

All of them, I believe. On the last install I paid particular attention
to the PEM tests, and they all passed.

> When you compiled OpenSSL or OpenSSH, did you have any old OpenSSL header
> files lying around? These are a frequent cause of weird problems.

Probably the installed headers, yes, though at this point I've installed
0.9.6b about six times and one would think they'd all been replaced by
now.

> You could try putting a printf() before the above call to see if the
> correct passphrase is getting passed to OpenSSL.

I've traced the execution in gdb, and as far as I can tell everything is
correct right up to that PEM_read_PrivateKey call.

--
Linux Now! .........Because friends don't let friends use Microsoft.
phil stracchino :: alaric at babcom.com :: halmayne at sourceforge.net
unix ronin :::: renaissance man :::: mystic zen biker geek
2000 CBR929RR, 1991 VFR750F3 (foully murdered), 1986 VF500F (sold)
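
An added example, not code from this thread, OpenSSH or OpenSSL: a small check of what the key file itself declares before it reaches PEM_read_PrivateKey(). It reads the textual header of a traditional PEM private key (BEGIN label, `Proc-Type`, `DEK-Info`) and reports the key type, whether it is encrypted, and the cipher named. `inspect_pem_header`, `struct pem_info` and `SAMPLE` are hypothetical names, and the sample key text is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Header fields of a traditional PEM private key file. */
struct pem_info {
    char label[64];   /* e.g. "RSA PRIVATE KEY" or "DSA PRIVATE KEY" */
    int  encrypted;   /* 1 if "Proc-Type: 4,ENCRYPTED" is present */
    char cipher[32];  /* cipher named in DEK-Info, e.g. "DES-EDE3-CBC" */
    int  iv_hex_len;  /* number of hex digits in the DEK-Info IV */
};

/* Constructed sample: header lines only, dummy body, not a real key. */
static const char SAMPLE[] =
    "-----BEGIN DSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n"
    "\nAAAA\n-----END DSA PRIVATE KEY-----\n";

/* Returns 0 on success, -1 if there is no usable BEGIN line, -2 if the
 * file says it is encrypted but carries no usable DEK-Info line. */
int inspect_pem_header(const char *pem, struct pem_info *out)
{
    const char *b, *e, *p;

    memset(out, 0, sizeof(*out));            /* also NUL-terminates strings */
    b = strstr(pem, "-----BEGIN ");
    if (b == NULL)
        return -1;
    b += strlen("-----BEGIN ");
    e = strstr(b, "-----");                  /* dashes closing the label */
    if (e == NULL || (size_t)(e - b) >= sizeof(out->label))
        return -1;
    memcpy(out->label, b, (size_t)(e - b));
    if (strstr(e, "Proc-Type: 4,ENCRYPTED") == NULL)
        return 0;                            /* unencrypted: no passphrase used */
    out->encrypted = 1;
    p = strstr(e, "DEK-Info: ");
    if (p == NULL)
        return -2;
    p += strlen("DEK-Info: ");
    if (sscanf(p, "%31[^,\r\n]", out->cipher) != 1 || (p = strchr(p, ',')) == NULL)
        return -2;
    out->iv_hex_len = (int)strspn(p + 1, "0123456789ABCDEFabcdef");
    return out->iv_hex_len > 0 ? 0 : -2;
}

int main(void)
{
    struct pem_info i;
    int rc = inspect_pem_header(SAMPLE, &i);
    printf("rc=%d %s enc=%d %s iv_hex=%d\n", rc, i.label, i.encrypted, i.cipher, i.iv_hex_len);
    return rc != 0;
}
```

A cipher name the local OpenSSL build does not provide, or a missing `DEK-Info` line, makes key loading fail whatever passphrase is supplied, so this separates file and build problems from passphrase problems.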