Date: 28 May 2000 11:56:20 -0400
From: Chris Shenton <cshenton@uucom.com>
To: questions@freebsd.org
Subject: 4.0-STABLE Secure: ssh limited to 1024 bits by RSAREF
Message-ID: <lfhfbi653v.fsf@Samizdat.uucom.com>
I just did a make world from last night's 4.0 Secure CVSup.
At one site I'm trying to "ssh" to a system running F-Secure's SSH daemon
with a host key that's 1152 bits, but /usr/bin/ssh can't connect
because the RSAREF limits me to 1024 bits:
    SSH Version OpenSSH-1.2.2, protocol version 1.5.
    Compiled with SSL.
    debug: Reading configuration data /etc/ssh/ssh_config
    debug: Applying options for *
    debug: ssh_connect: getuid 0 geteuid 0 anon 0
    debug: Connecting to XXX.XXX.com [###.###.###.###] port 22.
    debug: Allocated local port 918.
    debug: Connection established.
    debug: Remote protocol version 1.5, remote software version 1.3.5 F-SECURE SSH
    debug: Waiting for server public key.
    debug: Received server public key (1152 bits) and host key (1024 bits).
    debug: Host 'XXX.XXX.com' is known and matches the host key.
    rsa_private_encrypt() failed: RSAREF cannot handle keys larger than 1024 bits.
    debug: Calling cleanup 0x8052dbc(0x0)
File /usr/src/crypto/openssh/rsa.c contains the bit:
    if (BN_num_bits(key->n) > 1024 && RSA_libversion() == RSALIB_RSAREF)
        fatal("rsa_private_encrypt() failed: RSAREF cannot handle keys larger than 1024 bits.");
but I haven't been able to trace back to find where the function and
constant are defined.
Before doing the "make world", in /etc/defaults/make.conf I set:
    RSAREF= NO
    USA_RESIDENT= NO
hoping to get linkage with a non-crippled RSA implementation. It
appears this hasn't helped.
How can I recompile ssh in the system to get larger key support?
Thanks.
