Bug 23132 - RSA/DES auth broken?
Summary: RSA/DES auth broken?
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: openssh   
(Show other bugs)
Version: 7.1
Hardware: i386
OS: Linux
medium
high
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2001-01-02 10:58 UTC by Gerald Teschl
Modified: 2008-05-01 15:37 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-06-19 18:36:02 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Gerald Teschl 2001-01-02 10:58:29 UTC 
The authentication via RSA/DES key is somehow broken.
Sometimes it works, sometimes it does'nt. For example,
I try to login to a remot host and ssh will ask for
me pass phrase (even tough I added the key to the ssh-agent,
and ssh-add -l shows that it is there) and fail even tough
I enter the correct pass phrase. If I press CRL+C and try again,
it might work fine (without asking for the pass phrase).
It's purely random. Sometimes it doesn't work at all.
Comment 1 Pekka Savola 2001-01-02 18:23:02 UTC 
WIthout further debugging (ssh -v -v -v, sshd -d -d -d), this is untraceable.
Comment 2 Gerald Teschl 2001-01-04 16:14:59 UTC 
It looks like the problem is on the server:
----------------------------------------------
debug: Trying RSA authentication via agent with 'gerald@soliton'
debug: Server refused our key.
debug: RSA authentication using agent refused.
debug: Trying RSA authentication with key 'gerald@soliton'
debug: Received RSA challenge from server.
Enter passphrase for RSA key 'gerald@soliton':
debug: Sending response to host key RSA challenge.
debug: Remote: RSA authentication accepted.
debug: RSA authentication accepted by server.
debug: Requesting pty.
debug: Requesting X11 forwarding with authentication spoofing.
debug: Requesting authentication agent forwarding.
debug: Requesting shell.
debug: Entering interactive session.
-----------------------------------------------
If I try again five seconds later it'll work:
-----------------------------------------------
debug: Trying RSA authentication via agent with 'gerald@soliton'
debug: Received RSA challenge from server.
debug: Sending response to RSA challenge.
debug: Remote: RSA authentication accepted.
debug: RSA authentication accepted by server.
Comment 3 Pekka Savola 2001-02-24 08:25:50 UTC 
You haven't updated either server or the client OpenSSL to 0.9.6, have you?
Comment 4 Mike Gahagan 2001-04-18 00:56:31 UTC 
I have found that RSAAuthentication just doesn't work using the openssh rpms
packaged with 7.1. I got asked for a password every time, 'sshd -d -d' on the
server and 'ssh -v -v' on the client don't show any attempt to use
RSAAuthentication. I removed the Red Hat Linux 7.1 rpms and replaced them with
openssh-2.5.2p2 from openssh.com on the server and still had the same problem.
After replacing the Openssh on the client, the problems went away. I built
openssh-2.5.2p2 from .src.rpm's with 'rpm -bb openssh.spec' after editing the
spec file to disable building of the askpass packages.
Comment 5 Pekka Savola 2001-04-18 05:45:57 UTC 
Public Key Authentications w/ empty passphrase works for me just fine.  Client
is RHL71, the
server either 2.3.0p1 or RHL62 with RHL7 errata 2.5.2p2 recompiled on RHL62.
Comment 6 Gerald Teschl 2001-06-19 18:35:57 UTC 
The problem is no longer present with the current version (openssh-2.5.2p2-5).
Note You need to log in before you can comment on or make changes to this bug.