lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
From: vh at helith.net (vh)
Subject: OpenSSHd - Publickey-Authentication - Has 3.9
 problems with 16384Bit DSA-keys?

Can sombody confirm that OpenSSHd is not able to handle 16384-Bit
DSA-Keys?

I don't know if I miss something in the configuration but I didn't read
anything about a size-limitation for Public-Authentication and DSA-Keys
(or RSA, but I use DSA).

I created a 16384-Bit DSA-Key and stored the public part of this key in
./ssh/authorized-keys. I'm able to login with a 4096Bit DSA-Key but the
SSHd wont accapt the 16384Bit-Key and falls back to passwort
authentication.

Did I miss something in the configuration or is that a issue of OpenSSH?
Why does ssh-keygen provide -b 16384 if I can't use it?

I tested that on 3 different OpenBSD 3.6-stable mashines wich use 2
diffrent architectures.

1. normal x86
2. AMD64 in 64Bit-Mode

I asked already the misc@...nbsd-Mailinglist but during censorship the
mail wasn't send to the mailinglist yet.

The message I read in the logfiles:

Jan 13 16:15:54 inri sshd[31741]: error: key_read: uudecode
AAAAB3NzaC1kc3MAAAgBAJTlesfdygujbjsC8wWwfIuIutph2WkGoeib3ck4ZBLzZZ4sOkj
Q0XwDn7aEqGs3eXN48H0SY14kox7Gl0PUs
ZgBJxKrVzQhoxusHwq4o6AtvNK+Cwu4M7byGPNDuDrxfiXwvW25WzjpfvSL2gRc0yhhT5DM
KLpCIwIe8Wza4wnAyIGtLfNldfJ+47TG6dZ1DN7gtKQ1soVsif1TmuxRQqtJ9TpBgVT7MYH
WT54dZ2M+Vn2+eB6TkZ5L6g
dmab7f2WECMW2NBQyy7L2cPhhqnm86vaQgAzolbpTBvmvC4CKzEN0aQ2dsWGNYXDpsEh6Qn
ZaN4fuwCud9sRDwVnKoiPKsWMHvYX/5Sel4n6MI7sKDpw46ClRar0YBi50RbkLd1EDIOlkn
W/wgmwjlrKkA+pR+xhdSOLh
VCwS54/WqJVZMYK7Ts661/6WhXY8n1OzTdz7dDx

Looks like a Bug or?

Thanks for any clues.

vH
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050113/e80be2f1/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ