Re: Odd Openssh Error: buffer_get_int: buffer error
From: Darren Tucker (dtucker_at_gate.dodgy.net.au)
Date: 07/21/05
- Next message: Nico Kadel-Garcia: "Re: public key authentication"
- Previous message: Ben Harris: "Re: sshd talks to much in the logs"
- In reply to: jayjwa: "Odd Openssh Error: buffer_get_int: buffer error"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 21 Jul 2005 10:34:15 GMT
On 2005-07-19, jayjwa <jayjwa@nospam.invalid> wrote:
> Recently, one of the users of my system seems to be having a problem
> loggin into his account by ssh. This user is across the Internet. I
> had him run a session with debug output, and it is below, along with
> what you'd see on the server's side. I can't figure out why he is not
> able to login, while other logins work, both in and out of the machine,
> and on other machine running the same Openssh & Openssl. The serving
> machine is a 2.4.31 glibc 2.3.5 based linux build from source, no
> distro. The connecting system is a 2.6.something, a Debian (I belive
> stable) system. I belive the connecting system is also using Openssl
> and Openssh, but I'm not sure of the version. This problem started
> only recently, and spans two different versions of Openssl, with the
> same version of Openssh being used with both, a 9.8beta* and now a
> 9.8 release version.
I would suspect problems in OpenSSL's libcrypto or corrupt keys. Since it
used to work I would suspect the former. When you built OpenSSL, did the
self test ("make tests") pass? Does the problem persist if you build
OpenSSL w/out the assembler optimization?
Also, try reading the private key directly with OpenSSL:
$ openssl rsa -noout -check -in id_rsa
(on both client and server if possible)
[...]
> Another point which may have something to do with it: Openssl never seems
> to correctly find my random number devices. Turns out, if I don't point
> out one with -DDEVRANDOM at compile time, it thinks I have none (which is
> not true, this is a modern 2.4.31 linux system, I've tested both
OpenSSL should find the entropy source automatically. The only time I've
seen it not was due to a bug in OpenSSL that manifested on Solaris 10 and
has since been fixed.
> Ok, rebuilt Openssl like I used to, with randfiles set explicitly,
> and both random and urandom show in the binary of libcrypto.so now,
> where before only urandom did. urandom should have been enough-
> it's non-blocking. random blocks. I tested with my own 4096 bit
> rsa key, and it works...
[...]
> So my 4096 rsa key works, yet his doesn't?
It seems likely that there's a common-mode failure here: either the client
or server does something consistently wrong, which is why they work with
their own keys but not keys from the other.
If you can test the keys on a third machine (as with the "openssl" command
above) that may indicate which.
> But...I have the user try again now and same error :(
> If its not what I though with the key size, I have no idea
> what the problem is. Can anyone help?
The fact that it's a hand-rolled system that is unique, possibly not..
Literally anything could be the problem (compiler, libraries or bugs in
either openssl or openssh). It's possible that no one will be able to
reproduce the problem on another system, in which case you're on your own.
One other thing: if you run sshd under a debugger and set a breakpoint
inside fatal(), when it trips you can use "backtrace" to see which part
of the code cause the fatal.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
- Next message: Nico Kadel-Garcia: "Re: public key authentication"
- Previous message: Ben Harris: "Re: sshd talks to much in the logs"
- In reply to: jayjwa: "Odd Openssh Error: buffer_get_int: buffer error"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
