Date:      28 May 2000 11:56:20 -0400
From:      Chris Shenton <cshenton@uucom.com>
To:        questions@freebsd.org
Subject:   4.0-STABLE Secure: ssh limited to 1024 bits by RSAREF
Message-ID:  <lfhfbi653v.fsf@Samizdat.uucom.com>

I just did a make world from last night's 4.0 Secure CVSup.
At one site I'm trying to "ssh" to a system running F-Secure's SSH daemon
with a host key that's 1152 bits, but /usr/bin/ssh can't connect
because the RSAREF limits me to 1024 bits:

 SSH Version OpenSSH-1.2.2, protocol version 1.5.
 Compiled with SSL.
 debug: Reading configuration data /etc/ssh/ssh_config
 debug: Applying options for *
 debug: ssh_connect: getuid 0 geteuid 0 anon 0
 debug: Connecting to XXX.XXX.com [###.###.###.###] port 22.
 debug: Allocated local port 918.
 debug: Connection established.
 debug: Remote protocol version 1.5, remote software version 1.3.5 F-SECURE SSH
 debug: Waiting for server public key.
 debug: Received server public key (1152 bits) and host key (1024 bits).
 debug: Host 'XXX.XXX.com' is known and matches the host key.
 rsa_private_encrypt() failed: RSAREF cannot handle keys larger than 1024 bits.
 debug: Calling cleanup 0x8052dbc(0x0)


File /usr/src/crypto/openssh/rsa.c contains the bit:

    if (BN_num_bits(key->n) > 1024 && RSA_libversion() == RSALIB_RSAREF)
        fatal("rsa_private_encrypt() failed: RSAREF cannot handle keys larger than 1024 bits.");

but I haven't been able to trace back to find where the function and
constant are defined.


Before doing the "make world", in /etc/defaults/make.conf I set:

 RSAREF= NO
 USA_RESIDENT= NO

hoping to get linkage with a non-crippled RSA implementation. It
appears this hasn't helped. 


How can I recompile ssh in the system to get larger key support? 

Thanks.
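
The size check quoted from rsa.c, applied to the key sizes in the debug output above, as an added example that is not part of the original message. It assumes the "Received server public key (N bits) and host key (N bits)" line format shown in the log; the function names sample_log and check_key_sizes are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original message). Applies the same
# "> 1024 bits" comparison as the quoted rsa.c check to the key sizes
# that ssh -v reports. Function names here are hypothetical.

RSAREF_MAX_BITS=1024   # limit from the quoted rsa.c check

# Constructed sample input: debug lines as they appear in the message.
sample_log() {
    cat <<'EOF'
debug: Connection established.
debug: Remote protocol version 1.5, remote software version 1.3.5 F-SECURE SSH
debug: Waiting for server public key.
debug: Received server public key (1152 bits) and host key (1024 bits).
debug: Host 'XXX.XXX.com' is known and matches the host key.
EOF
}

# Reads ssh debug output on stdin and prints one line per key:
#   <role> <bits> <ok|OVER>
# Returns 1 if any key is larger than the limit, 0 otherwise.
check_key_sizes() {
    awk -v max="$RSAREF_MAX_BITS" '
        function report(role, bits) {
            over = (bits > max)
            if (over) bad = 1
            print role, bits, (over ? "OVER" : "ok")
        }
        /Received server public key \(/ {
            # Splitting on parentheses leaves the sizes in fields 2 and 4,
            # e.g. "1152 bits" and "1024 bits"; adding 0 keeps the number.
            split($0, part, /[()]/)
            report("server", part[2] + 0)
            report("host", part[4] + 0)
        }
        END { exit (bad ? 1 : 0) }
    '
}

if sample_log | check_key_sizes; then
    echo "all keys fit within ${RSAREF_MAX_BITS} bits"
else
    echo "at least one key exceeds ${RSAREF_MAX_BITS} bits"
fi
```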

