From owner-freebsd-stable Tue Mar 21 10:35:30 2000 Delivered-To: freebsd-stable@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 5908637BCE3; Tue, 21 Mar 2000 10:35:28 -0800 (PST) (envelope-from kris@FreeBSD.org) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id KAA30820; Tue, 21 Mar 2000 10:35:28 -0800 (PST) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Tue, 21 Mar 2000 10:35:27 -0800 (PST) From: Kris Kennaway To: Brad Knowles Cc: Yusuf Goolamabbas , Dan Moschuk , freebsd-stable@FreeBSD.ORG Subject: Re: Reason for sshd[238]: fatal: rsa_private_decrypt() failed 4.0-stable In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Tue, 21 Mar 2000, Brad Knowles wrote: > Yes, I believe so. In fact, if USA_RESIDENT is NO, I would > expect this port to bomb out. It will work outside the US - but perhaps I should add a warning to the port/package that if you're outside the US you probably don't want to use it. > I just installed a fresh 4.0-RELEASE a couple of days ago, and > although USA_RESIDENT was set to "NO", and I made a point of grabbing > both the sources and the crypto from ftp.uk.freebsd.org, it still > seemed to get the RSAREF stuff which choked and puked on keys larger > than 1024 bits. Unless ftp.uk.freebsd.org rolled their own release, they've got the US 4.0 one, which doesn't contain the international crypto (although I believe it should give you the option of fetching it from internat during the install - which still won't work because Mark Murray still hasn't rebuilt the librsaintl package yet like I've been asking him for the past week). This is unfortunate because it means a lot of international folks are going to be installing the inferior US implementation :-( > In order to fix it, I installed cvsup This fixed it because most international cvsup mirrors (although not all, I think there's a cvsup operator in germany who hasn't been reading my emails on the topic) pick up their crypto from internat, so you compiled the correct version. Kris ---- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message