sshd segfaults on connect
Created attachment 627 [details] sshd debug log

This problem started in 3.8p1
Comment on attachment 627 [details] sshd debug log This started in 3.8p1
Could you please run sshd under a debugger and get a stack trace? If you have gdb, you can do this with:

    # gdb ./sshd
    (gdb) set args -ddd
    (gdb) run
    [connect to server and wait for segfault]
    (gdb) bt

then attach the backtrace to this bug.

Which OpenSSL version are you using, and did you use the same version with the previously working OpenSSH version?
Created attachment 629 [details] gdb log

OpenSSL 0.9.7d 17 Mar 2004

The previous version of OpenSSH that worked was 3.7.1p2, using the same version of OpenSSL.
The fault is definitely in libcrypto. Did you compile OpenSSH on the system or on another box and move the binaries there?
Does OpenSSL's self test ("make tests") pass?
openssl-0.9.7d passes "make test" except for complaining that SunOS "bc" doesn't work.

openssh-3.8.1p1 seems to work fine with openssl-0.9.7c

openssh-3.7.1p2 works with openssl-0.9.7d
Looking more at the debug trace causes me to seriously suspect a problem in OpenSSL. Notice where we cross from OpenSSH to OpenSSL:

> #0 0x8bc60 in getrn ()
> #1 0x8babc in lh_retrieve ()
> #2 0x68a9c in def_get_class ()
> #3 0x68c04 in int_new_ex_data ()
> #4 0x69314 in CRYPTO_new_ex_data ()
> #5 0x47bb8 in RSA_new_method ()
> #6 0x48080 in RSA_new ()
> #7 0x323cc in key_new (type=1) at key.c:61

The line in question is simply:

> if ((rsa = RSA_new()) == NULL)
>         fatal("key_new: RSA_new failed");

I.e. there are no parameters coming from OpenSSH that could be pointing to bad places. The problem could still be corruption happening elsewhere in OpenSSH, but that is less likely. You could test for this by linking with ElectricFence or similar.

Can you create keys using "openssl genrsa 1024"?
6 months with no reply == closed bug
Change all RESOLVED bugs to CLOSED with the exception of the ones fixed post-4.4.