From owner-freebsd-current Sat Mar 11 17:10: 9 2000 Delivered-To: freebsd-current@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 758) id 3C29537BB09; Sat, 11 Mar 2000 17:10:07 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 39CB12E8155; Sat, 11 Mar 2000 17:10:07 -0800 (PST) (envelope-from kris@hub.freebsd.org) Date: Sat, 11 Mar 2000 17:10:07 -0800 (PST) From: Kris Kennaway To: Mathew Kanner Cc: freebsd-current@freebsd.org Subject: Re: RC3: problems with SSH In-Reply-To: <20000311200459.A21231@cs.mcgill.ca> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Sat, 11 Mar 2000, Mathew Kanner wrote: > debug: Received server public key (1152 bits) and host key (1024 bits). > rsa_public_encrypt() failed Are you using rsaref? rsaref can't handle keys longer than 1024 bits and we're not allowed to fix it so it can by the terms of the rsaref license. Since you're in Canada, you don't need rsaref and should be using the international version of openssl. See chapter 6.5 in the handbook for a longer description of the state of play. > debug: Received server public key (768 bits) and host key (1023 bits). Since this one succeeded, it strongly suggests thats the problem. I consider this a bug in openssh that it doesn't realise that it's using rsaref and give a helpful error message when it gets a key that is too long. Kris ---- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message