PuTTY wish rsa-verify-failed

summary: Occasional `Access denied' / `RSA_verify failed' (OpenSSH bug)
class: wish: This is a request for an enhancement.
difficulty: fun: Just needs tuits, and not many of them.
fixed-in: 2002-06-01 0.53 (0.54) (0.55) (0.56) (0.57) (0.58) (0.59) (0.60) (0.61) (0.62)

With SSH-2, an RSA public key and an OpenSSH server (various versions), key authentication has been reported to fail occasionally and at random with an `Access denied' message. A message like the following is written to the server's log:

error: ssh_rsa_verify: RSA_verify failed:
    error:04077077:lib(4):func(119):reason(119)

which apparently resolves to "the RSA_verify() function in SSL telling [us] RSA_R_WRONG_SIGNATURE_LENGTH".

SGT, 2002-05-30: This is in fact not a complex bignum bug in PuTTY, but is a simple disagreement between PuTTY and OpenSSH about the correct way to pad RSA signatures in SSH-2. It appears that the draft RFC is on our side, so this is a bug in OpenSSH, apparently caused by their RSA-for-SSH-2 implementation being done before the specification was finalised. They say they'll fix it for OpenSSH 3.3.

As of 2002 Jun 1, PuTTY will detect OpenSSH versions which have the bug and pad its signatures appropriately for those versions.
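
The sketch below is an added example, not code from PuTTY or OpenSSH. It assumes the disagreement is about leading zero bytes in the signature string (the integer sent at its natural length versus left-padded with zeros to the modulus length), and shows why an exact-length check fails only occasionally. All function names and the 64-bit toy size are hypothetical, and the signature values are constructed.

```python
import struct

def ssh_string(data: bytes) -> bytes:
    """SSH-2 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def encode_sig(s: int, modulus_bits: int, pad: bool) -> bytes:
    """Build an "ssh-rsa" signature blob for the signature integer s."""
    k = (modulus_bits + 7) // 8                      # modulus length in bytes
    n = k if pad else max(1, (s.bit_length() + 7) // 8)
    return ssh_string(b"ssh-rsa") + ssh_string(s.to_bytes(n, "big"))

def parse_sig(blob: bytes) -> bytes:
    """Return the raw signature bytes from an "ssh-rsa" signature blob."""
    fields = []
    while blob:
        if len(blob) < 4:
            raise ValueError("truncated length field")
        (n,) = struct.unpack(">I", blob[:4])
        if n > len(blob) - 4:
            raise ValueError("truncated string")
        fields.append(blob[4:4 + n])
        blob = blob[4 + n:]
    if len(fields) != 2 or fields[0] != b"ssh-rsa":
        raise ValueError("not an ssh-rsa signature blob")
    return fields[1]

def strict_length_ok(sig: bytes, modulus_bits: int) -> bool:
    """Exact-length check: the behaviour behind WRONG_SIGNATURE_LENGTH."""
    return len(sig) == (modulus_bits + 7) // 8

def normalise(sig: bytes, modulus_bits: int) -> bytes:
    """Tolerant receiver: left-pad a short signature before verifying."""
    k = (modulus_bits + 7) // 8
    if len(sig) > k:
        raise ValueError("signature longer than modulus")
    return sig.rjust(k, b"\x00")

def sweep(modulus_bits: int = 64) -> int:
    """Count strict-check rejections over constructed signatures whose top
    byte takes every value 0..255 (toy 64-bit size, not a real key)."""
    low = 0x11223344556677
    rejected = 0
    for top in range(256):
        s = (top << (modulus_bits - 8)) | low
        sig = parse_sig(encode_sig(s, modulus_bits, pad=False))
        rejected += not strict_length_ok(sig, modulus_bits)
    return rejected

if __name__ == "__main__":
    print("rejected by exact-length check:", sweep(), "of 256")
```

Only the signature whose top byte is zero comes out one byte short, which is why the failure looks random to the user: the same key works on most logins and is refused on a few.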

(last revision of this bug record was at 2005-03-10 16:36:42 +0000)