From owner-freebsd-stable  Tue Mar 21  3:48:10 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from trinity.skynet.be (trinity.skynet.be [195.238.2.38])
	by hub.freebsd.org (Postfix) with ESMTP
	id 43D7037BB3C; Tue, 21 Mar 2000 03:48:06 -0800 (PST)
	(envelope-from blk@skynet.be)
Received: from [195.238.1.121] (brad.techos.skynet.be [195.238.1.121])
	by trinity.skynet.be (Postfix) with ESMTP
	id 4AF78180B3; Tue, 21 Mar 2000 12:47:45 +0100 (MET)
Mime-Version: 1.0
X-Sender: blk@pop.skynet.be
Message-Id: <v04220804b4fcf52b1e61@[195.238.1.121]>
In-Reply-To: <20000321162706.B9095@outblaze.com>
References: <20000321061951.8726.qmail@yusufg.portal2.com>
 <20000321031927.A4669@spirit.jaded.net>
 <20000321162706.B9095@outblaze.com>
Date: Tue, 21 Mar 2000 10:50:36 +0100
To: Yusuf Goolamabbas <yusufg@outblaze.com>,
	Dan Moschuk <dan@FreeBSD.ORG>
From: Brad Knowles <blk@skynet.be>
Subject: Re: Reason for sshd[238]: fatal: rsa_private_decrypt() failed
 4.0-stable
Cc: freebsd-stable@FreeBSD.ORG
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

At 4:27 PM +0800 2000/3/21, Yusuf Goolamabbas wrote:

>  Isn't that illegal (inappropiate) for somebody outside the US ?

	Yes, I believe so.  In fact, if USA_RESIDENT is NO, I would 
expect this port to bomb out.

>  On 3-4 stable machines, I used to do make install in
>  /usr/ports/security/openssh and it used to do the right thing
>  Shouldn't USA_RESIDENT=NO and make world do this

	I just installed a fresh 4.0-RELEASE a couple of days ago, and 
although USA_RESIDENT was set to "NO", and I made a point of grabbing 
both the sources and the crypto from ftp.uk.freebsd.org, it still 
seemed to get the RSAREF stuff which choked and puked on keys larger 
than 1024 bits.


	In order to fix it, I installed cvsup (like an idiot, I did the 
port and not the package -- Do you have any idea how long it takes to 
build XFree86, especially when you don't want X on the machine, and 
you have no way to specify -NOX on the command line to "make install" 
for cvsup?  ;-).

	After that, I set up the appropriate cvsup files for RELENG_4, 
did a make update (which took many hours, since I was still running 
on a GENERIC kernel and couldn't make use of either SMP or 
softupdates), then a "make buildworld" and finally a "make 
installworld".  Afterwards, sshd seems to work okay now.

--
   These are my opinions -- not to be taken as official Skynet policy
======================================================================
Brad Knowles, <blk@skynet.be>                || Belgacom Skynet SA/NV
Systems Architect, Mail/News/FTP/Proxy Admin || Rue Colonel Bourg, 124
Phone/Fax: +32-2-706.13.11/12.49             || B-1140 Brussels
http://www.skynet.be                         || Belgium


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message