Re: x.509 & key_verify() error

From: Curtis Steward (nd_stew_at_yahoo.com)
Date: 09/18/03

    Date: Thu, 18 Sep 2003 07:05:47 -0700 (PDT)
    To: Roumen Petrov <openssh@roumenpetrov.info>
    
    

    If I understand you right:

      Any key sig type should be md5, sha1 is invalid.

      Key length of 2048 is invalid, so gen a new set of
    keys, what is max length?

      OpenSSL needs to be at 0.9.7 or greater.

    If I do these three things I should then be
    functional, then I'll think about upgrading to OpenSSH
    3.7.1. And no, there are no plans for this patch in
    3.8 :(

    Thx

    --- Roumen Petrov <openssh@roumenpetrov.info> wrote:
    > "make check" cannot reproduce your problem when:
    > - all keys are 2048 bits;
    > - server uses rsa(with md5)+cert as hostkey;
    > - client and server config contain X509rsaSigType=sha1 option;
    > - even "OpenSSH with X.509 cert support" is built with openssl 0.9.7x
    > but "make check" uses openssl 0.9.6x.
    >
    >
    > Curtis Steward wrote:
    >
    > >I've been struggling on configuring Roumen's patch
    > >for x.509. I've been through README.x509v3, anyone
    > >know of a complete howto with full examples, the mix
    > >and matching of keys can get kind of complicated...
    > >
    > >The configuration follows the key_verify() error,
    > >which I can't seem to get past.
    > >
    > >Oh yea, any plans for this patch to be included in
    > >3.8?
    > >
    > >
    > >
    > >######################
    > >Error - "key_verify failed for server_host_key"
    > >######################
    > >/usr/local/sbin/sshd -ddd
    > >...
    > >debug1: read PEM private key begin
    > >debug1: read X509 certificate done: type RSA+cert
    > >debug1: read PEM private key done: type RSA+cert
    > >debug1: private host key: #0 type 3 RSA+cert
    > >socket: Address family not supported by protocol
    > >debug1: Bind to port 22 on 0.0.0.0.
    > >Server listening on 0.0.0.0 port 22.
    > >debug1: Server will not fork when running in debugging mode.
    > >Connection from 127.0.0.1 port 38500
    > >debug1: Client protocol version 2.0; client software version OpenSSH_3.6.1p2
    > >debug1: match: OpenSSH_3.6.1p2 pat OpenSSH*
    > >debug1: Enabling compatibility mode for protocol 2.0
    > >debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
    > >debug2: Network child is on pid 19345
    > >debug3: preauth child monitor started
    > >debug3: mm_request_receive entering
    > >debug3: privsep user:group 74:74
    > >debug1: permanently_set_uid: 74/74
    > >debug1: list_hostkey_types: x509v3-sign-rsa
    > >debug1: SSH2_MSG_KEXINIT sent
    > >debug1: SSH2_MSG_KEXINIT received
    > >debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
    > >debug2: kex_parse_kexinit: x509v3-sign-rsa
    > >debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
    > >debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
    > >debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    > >debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    > >debug2: kex_parse_kexinit: none,zlib
    > >debug2: kex_parse_kexinit: none,zlib
    > >debug2: kex_parse_kexinit:
    > >debug2: kex_parse_kexinit:
    > >debug2: kex_parse_kexinit: first_kex_follows 0
    > >debug2: kex_parse_kexinit: reserved 0
    > >debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
    > >debug2: kex_parse_kexinit: x509v3-sign-rsa,x509v3-sign-dss,ssh-rsa,ssh-dss
    > >debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
    > >debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
    > >debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    > >debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    > >debug2: kex_parse_kexinit: none,zlib
    > >debug2: kex_parse_kexinit: none,zlib
    > >debug2: kex_parse_kexinit:
    > >debug2: kex_parse_kexinit:
    > >debug2: kex_parse_kexinit: first_kex_follows 0
    > >debug2: kex_parse_kexinit: reserved 0
    > >debug2: mac_init: found hmac-md5
    > >debug1: kex: client->server aes128-cbc hmac-md5 none
    > >debug2: mac_init: found hmac-md5
    > >debug1: kex: server->client aes128-cbc hmac-md5 none
    > >debug3: call key_type_from_name(x509v3-sign-rsa)
    > ...
    > >debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
    > >debug3: mm_request_send entering: type 0
    > >debug3: monitor_read: checking request 0
    > >debug3: mm_answer_moduli: got parameters: 1024 2048 8192
    > >debug3: mm_request_send entering: type 1
    > >debug2: monitor_read: 0 used once, disabling now
    > >debug3: mm_request_receive entering
    > >debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI
    > >debug3: mm_request_receive_expect entering: type 1
    > >debug3: mm_request_receive entering
    > >debug3: mm_choose_dh: remaining 0
    > >debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
    > >debug2: dh_gen_key: priv key bits set: 130/256
    > >debug2: bits set: 1567/3191
    > >debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
    > >debug2: bits set: 1591/3191
    > >debug3: mm_key_sign entering
    > >debug3: mm_request_send entering: type 4
    > >debug3: monitor_read: checking request 4
    > >debug3: mm_answer_sign
    > >debug3: ssh_x509_sign: key_type=RSA+cert, key_ssh_name=x509v3-sign-rsa
    > >debug3: ssh_x509_sign: evp_md { 64(sha1), 65(sha1WithRSAEncryption), 20, ... }
    > >debug3: ssh_x509_sign: return 0
    > >debug3: mm_answer_sign: signature 0x80a1138(279)
    > >debug3: mm_request_send entering: type 5
    > >debug2: monitor_read: 4 used once, disabling now
    > >debug3: mm_request_receive entering
    > >debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN
    > >debug3: mm_request_receive_expect entering: type 5
    > >debug3: mm_request_receive entering
    > >debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
    > >debug2: kex_derive_keys
    > >debug2: set_newkeys: mode 1
    > >debug1: SSH2_MSG_NEWKEYS sent
    > >debug1: expecting SSH2_MSG_NEWKEYS
    > >Connection closed by 127.0.0.1
    > >debug1: Calling cleanup 0x8069bfc(0x0)
    > >
    > >ssh -vvv
    > >...
    > >debug3: x509key_str2X509NAME: return 1
    > >debug3: x509key_from_subject: return 0x809ad10
    > >debug3: check_host_in_hostfile: match line 1
    > >debug1: Host 'localhost' is known and matches the RSA+cert host key.
    > >debug1: Found key in /root/.ssh/known_hosts:1
    > >debug2: bits set: 1638/3191
    > >debug3: ssh_x509_verify: signature key type = x509v3-sign-rsa
    > >debug3: ssh_x509_verify: evp_md { 64(sha1), 65(sha1WithRSAEncryption), 20, ... }debug3: ssh_x509_verify: evp_md { 4(md5), 8(md5WithRSAEncryption), 16, ... }
    > >ssh_x509_verify: verify failed: error:0D09C08F:asn1 encoding routines:d2i_PublicKey:unknown public key type
    > >debug3: ssh_x509_verify return 0
    > >key_verify failed for server_host_key
    > >debug1: Calling cleanup 0x8060bc0(0x0)
    > >
    > >######################
    > >sshd_config - self-signed CA
    > >######################
    > >HostKey <hostkey> # Host ssh-keygen private + x.509, PEM
    > >AllowedCertPurpose sslclient
    > >CACertificateFile <CA cert file> # CA x.509 only, PEM
    > >CACertificatePath <CA cert dir> # CA hash's
    > >X509rsaSigType=sha1
    > >
    > >######################
    > >~/.ssh/config
    > >######################
    > >IdentityFile=~/.ssh/id_rsa # ssh-keygen -b2048 -trsa
    > >AllowedCertPurpose=sslserver
    > >X509rsaSigType=sha1
    > >CACertificateFile <CA cert file> # CA x.509 only, PEM
    > >CACertificatePath <CA cert dir> # CA hash's
    > >UserCACertificateFile <User cert file> # User ssh-keygen private + x.509, PEM
    > >UserCACertificatePath <User cert dir> # User hash's
    > >
    > >######################
    > >~/.ssh/authorized_keys
    > >######################
    > >(printf 'x509v3-sign-rsa ';openssl x509 -noout -subject -in <UserCACertificateFile) >> ~/.ssh/authorized_keys
    > >
    > >
    >
    === message truncated ===
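
An added example, not part of the original thread or of the X.509 patch: a small triage helper that pulls the digest used by `ssh_x509_sign`, the digests tried by `ssh_x509_verify`, and the OpenSSL error string out of debug output like that quoted above. The function name `triage` and the sample text (the quoted lines with mail wrapping undone) are constructed here.

```python
import re

# Constructed sample: the relevant lines from the sshd -ddd and ssh -vvv
# output quoted in the message above, with mail line-wrapping undone.
SAMPLE = """\
debug3: ssh_x509_sign: key_type=RSA+cert, key_ssh_name=x509v3-sign-rsa
debug3: ssh_x509_sign: evp_md { 64(sha1), 65(sha1WithRSAEncryption), 20, ... }
debug3: ssh_x509_verify: signature key type = x509v3-sign-rsa
debug3: ssh_x509_verify: evp_md { 64(sha1), 65(sha1WithRSAEncryption), 20, ... }debug3: ssh_x509_verify: evp_md { 4(md5), 8(md5WithRSAEncryption), 16, ... }
ssh_x509_verify: verify failed: error:0D09C08F:asn1 encoding routines:d2i_PublicKey:unknown public key type
debug3: ssh_x509_verify return 0
key_verify failed for server_host_key
"""

# "ssh_x509_sign: evp_md { 64(sha1), ..." -> ("sign", "sha1")
EVP_MD = re.compile(r"ssh_x509_(sign|verify): evp_md \{ \d+\((\w+)\)")
# OpenSSL error strings: error:<hex code>:<library>:<function>:<reason>
OSSL_ERR = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]+):([^:]+):(.+)")


def triage(log):
    """Summarise which digests each side used and what OpenSSL reported."""
    out = {"sign": [], "verify": [], "openssl_error": None,
           "key_verify_failed": False}
    for line in log.splitlines():
        # findall, not match: two debug3 records can share one physical line
        for side, digest in EVP_MD.findall(line):
            out[side].append(digest)
        m = OSSL_ERR.search(line)
        if m:
            code, lib, func, reason = m.groups()
            out["openssl_error"] = {"code": code, "library": lib,
                                    "function": func, "reason": reason.strip()}
        if "key_verify failed" in line:
            out["key_verify_failed"] = True
    # True when the verifier tried the same digest the signer used
    out["digest_was_tried"] = bool(out["sign"]) and out["sign"][0] in out["verify"]
    return out


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```
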


