Bug 972

Summary: openssh-3.9_p1-r1 login problem
Product: Portable OpenSSH Reporter: Simon Stelling <blubb>
Component: sshdAssignee: OpenSSH Bugzilla mailing list <openssh-bugs>
Status: CLOSED INVALID    
Severity: normal    
Priority: P2    
Version: 3.9p1   
Hardware: Other   
OS: Linux   
URL: http://bugs.gentoo.org/show_bug.cgi?id=78073
Attachments:
Description Flags
key none

Description Simon Stelling 2005-01-15 23:43:36 AEDT 
sshd doesn't like this key:

cat ~hansmi/.ssh/authorized_keys2
ssh-dss
AAAB3NzaC1kc3MAAACBANuRyCB3NI4DEg5s9zWQID2N1zMUl/jKu8mjhhg03VbPUbIqhSy+5Eh0Bm/ccTdChBRvq6Y4pedFfkVhf5v2sAvhQfDB+q19kF2TLPUVvuKwClkr3Wk7+sSfhqlvxyEK04cwHkbM7fCopXFDhLcqaJuDsrVRM0FVfEFndsFtgPjPAAAAFQDUzCfxQxcZcPPQi6EGLNBhcSkewwAAAIEAhFtWzhgwHon0Ux8YhSdRy9mEDCT19Og6Eu/LkfqZEmhB38dJLzwDunNGRcAGMVvtm4280o8/bpqzCgJHh6/lq+pyBaP8gEdeFJRdZhuGcRc6ViW+hSxOc6fR/xNL+SSMxtDdSg925g6k79AyXGBnDA7r/REVpM3lLygDCEQhfqoAAACBAM0ZkrvhM6vq5lxXe9MrJA2bsM2laIBy
michael@koala.lan

when trying to login, the user gets this:

$ ssh -l hansmi host -p 2222
Connection closed by 217.148.7.65

/var/log/auth.log says:

Jan 15 12:59:33 aqua sshd[23772]: fatal: buffer_get: trying to get more bytes
129 than in buffer 24

password authentication works

gcc-3.4.3, glibc-2.3.4.20041102-r0, 2.6.9-gentoo-r10 x86_64
=================================================================
System uname: 2.6.9-gentoo-r10 x86_64 AMD Opteron(tm) Processor 242
Gentoo Base System version 1.6.8
sys-devel/autoconf:  2.59-r6, 2.13
sys-devel/automake:  1.5, 1.4_p6, 1.9.4, 1.8.5-r2, 1.6.3, 1.7.9
sys-devel/binutils:  2.15.92.0.2-r2
sys-devel/libtool:   1.5.10-r2
virtual/os-headers:  2.6.8.1-r3
CFLAGS="-O3 -pipe -march=k8"
CHOST="x86_64-pc-linux-gnu"
CXXFLAGS="-O3 -pipe -march=k8"
MAKEOPTS="-j3"

it was built with support for the following:

net-misc/openssh-3.9_p1-r1 tcpd

-r1 is gentoo-specific

this is an amd64-box

please also have a look at the gentoo bug in the url
Comment 1 Damien Miller 2005-01-16 01:06:38 AEDT 
The key looks to be corrupt in some way (ssh-keygen can't parse it either).
OpenSSH -current will more gracefully handle such broken keys and not terminate
the connection when it encounters them.

Could you check that the public key is not damaged? You can regenerate the
public key from the private key using "ssh-keygen -yf /path/to/private.key"
Comment 2 Simon Stelling 2005-01-16 03:07:02 AEDT 
seems like the key is correct, keygen built exactly the same again
Comment 3 Damien Miller 2005-01-16 09:02:30 AEDT 
Please attach the public key as a file to this bug.
Comment 4 Simon Stelling 2005-01-17 00:29:26 AEDT 
Created attachment 768 [details]
key

here you are
Comment 5 Darren Tucker 2005-02-02 12:40:13 AEDT 
The public key appears truncated: encoded it's about 140 bytes shorter than a
1024-bit DSA key.  A couple of things to try:

* does the OpenSSL library's self-test pass?  ("make test" after building).
* perhaps the private key is damaged.  Does the same problem occur if you
generate and use a new private key?
* does the problem occur if you build OpenSSL and OpenSSH without the compiler
optimization?
Comment 6 Simon Stelling 2005-02-02 20:42:13 AEDT 
* does the OpenSSL library's self-test pass?  ("make test" after building).

yes

* perhaps the private key is damaged.  Does the same problem occur if you
generate and use a new private key?

that's possible, the same key has afaik also problems on a sparc/alpha. any
other keys i'm using work, so i think it's the key that is truncated.

thanks anyway
Comment 7 Darren Tucker 2006-10-07 11:38:32 AEST 
Change all RESOLVED bug to CLOSED with the exception of the ones fixed post-4.4.