From owner-freebsd-stable Mon Jun 19 2:38: 9 2000 Delivered-To: freebsd-stable@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id F339937BC7D; Mon, 19 Jun 2000 02:38:07 -0700 (PDT) (envelope-from kris@FreeBSD.org) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id CAA31387; Mon, 19 Jun 2000 02:38:07 -0700 (PDT) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Mon, 19 Jun 2000 02:38:07 -0700 (PDT) From: Kris Kennaway To: Alessandro de Manzano Cc: "stable@freebsd.org" Subject: Re: SSH failed on 4.0-S In-Reply-To: <200006190857.KAA15589@rizla.energy.it> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Mon, 19 Jun 2000, Alessandro de Manzano wrote: > I've installed a 4.0-R box from CD, then CVSUPped to 4.0-S last > friday. All went ok, but now I'm configuring SSH (OpenSSH) and > I've problems. > > After successufully generating an host key, I copied my "old" SSH user > key into ~/.ssh/authorized_keys (as user) then from another box I did > the usual "ssh -C gandalf" (gandalf is the new 4.0-S box name) but it > got rejected by remote. > > in /var/log/messages on gandalf I found : > > Jun 19 10:48:27 gandalf sshd[438]: fatal: rsa_private_decrypt() failed This means the key could not be processed for some reason. Are you certain you are using an sshd from 4.0-STABLE? The most common cause of this error under older versions was because the RSA key was > 1024 bits, and you're using the RSAREF version of OpenSSL. Under -stable this error message became more helpful and it now tells you specifically when this is the problem. Another problem which might (I'm not sure off the top of my head) give the same symptons is if all of the necessary RSA and crypto libraries cannot be found on the system - but again, that should be showing up as a helpful message in the logs under -stable. Try rebuilding sshd from sources which you know are from 4.0-STABLE and run it in debug mode (-d) to make sure you're not missing any of the error messages from it. Kris -- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message