Date: 28 May 2000 11:56:20 -0400
From: Chris Shenton <cshenton@uucom.com>
To: questions@freebsd.org
Subject: 4.0-STABLE Secure: ssh limited to 1024 bits by RSAREF
Message-ID: <lfhfbi653v.fsf@Samizdat.uucom.com>

I just did a make world from last night's 4.0 Secure CVSup.

One site I'm trying to "ssh" to a system running F-Secure's SSH daemon
with a host key that's 1152 bits, but /usr/bin/ssh can't connect
because the RSAREF limits me to 1024 bits:

    SSH Version OpenSSH-1.2.2, protocol version 1.5.
    Compiled with SSL.
    debug: Reading configuration data /etc/ssh/ssh_config
    debug: Applying options for *
    debug: ssh_connect: getuid 0 geteuid 0 anon 0
    debug: Connecting to XXX.XXX.com [###.###.###.###] port 22.
    debug: Allocated local port 918.
    debug: Connection established.
    debug: Remote protocol version 1.5, remote software version 1.3.5 F-SECURE SSH
    debug: Waiting for server public key.
    debug: Received server public key (1152 bits) and host key (1024 bits).
    debug: Host 'XXX.XXX.com' is known and matches the host key.
    rsa_private_encrypt() failed: RSAREF cannot handle keys larger than 1024 bits.
    debug: Calling cleanup 0x8052dbc(0x0)

File /usr/src/crypto/openssh/rsa.c contains the bit:

    if (BN_num_bits(key->n) > 1024 && RSA_libversion() == RSALIB_RSAREF)
        fatal("rsa_private_encrypt() failed: RSAREF cannot handle keys larger than 1024 bits.");

but I haven't been able to trace back to find where the function and
constant are defined.

Before doing the "make world", in /etc/defaults/make.conf I set:

    RSAREF=         NO
    USA_RESIDENT=   NO

hoping to get linkage with a non-crippled RSA implementation. It
appears this hasn't helped.

How can I recompile ssh in the system to get larger key support?

Thanks.