Date: Thu, 7 Feb 2002 02:10:53 -0800 (PST) From: Alexey Dokuchaev <danfe@dnd.nsu.ru> To: freebsd-gnats-submit@FreeBSD.org Subject: bin/34690: Very strong GCC optimizations (CFLAGS) break ssh(1) DSA authorization Message-ID: <200202071010.g17AAru17304@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 34690 >Category: bin >Synopsis: Very strong GCC optimizations (CFLAGS) break ssh(1) DSA authorization >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Feb 07 02:20:00 PST 2002 >Closed-Date: >Last-Modified: >Originator: Alexey Dokuchaev >Release: 4.5-STABLE >Organization: DND NSU >Environment: FreeBSD nowhere.universe.ru 4.5-STABLE FreeBSD 4.5-STABLE #0: Sun Feb 3 22:19:53 NOVT 2002 root@nowhere.universe.ru:/usr/src/sys/compile/CYTHEREA i386 >Description: When world is compiled with "-O2 -mpentiumpro -march=pentiumpro -mcpu=pentiumpro -pipe -s -fexpensive-optimizations -ffast-math -fomit-frame-pointer -funroll-loops" CFLAGS, DSA key-based authorization does not work. See below for exact description. RSA authentification (similar) works (on this very box). >How-To-Repeat: $ ssh-keygen -t dsa Generating public/private dsa key pair. Enter file in which to save the key (/home/danfe/.ssh/id_dsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/danfe/.ssh/id_dsa. Your public key has been saved in /home/danfe/.ssh/id_dsa.pub. The key fingerprint is: 5e:45:44:1f:34:63:9c:c3:03:30:b5:75:bf:de:42:75 danfe@nowhere.universe.ru $ cp id_dsa.pub authorized_keys2 $ ssh -2 localhost key_verify failed for server_host_key $ However, if .ssh/id_dsa* moved to another FreeBSD box, compiled with standard CFLAGS, they are proven to be valid. >Fix: None know. Do not time, sorry :-((( >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200202071010.g17AAru17304>