Re: ssh2 key passphrase problems in 2.9.9 on Linux

Fri, 28 Sep 2001 14:37:42 -0700 

On Fri, Sep 28, 2001 at 11:00:25AM -0700, Phil Stracchino wrote:
> On Fri, Sep 28, 2001 at 06:21:26PM +0100, Dr S N Henson wrote:
> > Read the bit in the FAQ about adding an ERR_print_errors_fp() call then
> > see what it says is the cause.


I tried using ERR_print_errors_fp() in the appropriate location and it 
reported nothing.  I therefore took a slightly different tack.  I changed 
the error detection code in key_load_private_pem() in authfile.c from 
this:

        pk = PEM_read_PrivateKey(fp, NULL, NULL, (char *)passphrase);
        if (pk == NULL) {
                debug("PEM_read_PrivateKey failed");
                (void)ERR_get_error();
        } else if (pk->type == EVP_PKEY_RSA && ....

to this:

        pk = PEM_read_PrivateKey(fp, NULL, NULL, (char *)passphrase);
        if (pk == NULL) {
                error("PEM_read_PrivateKey failed");
                while (ERR_peek_error())
                  error("PEM error %ld: %s", 
                        ERR_peek_error(), 
                        ERR_error_string(ERR_get_error(), NULL));
        } else if (pk->type == EVP_PKEY_RSA && ....


Right up to the point at which that PEM_read_PrivateKey() call is 
executed, everything appears to be working perfectly.  At the moment of 
making this call:

  filename is "/root/.ssh/id_dsa"
  passphrase contains the correct password
  fp is valid, and _IO_read_base points at the string:
    "-----BEGIN DSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n
     DEK-Info: DES-EDE3-CBC,<data....>"

The passphrase supplied is known to be correct, and successfully unlocks
this keyfile on a Solaris 8 machine which is running the same version of
both OpenSSH and OpenSSL.  Nevertheless, PEM_read_PrivateKey returns NULL,
but according to ERR_peek_error(), no error has occurred.  I am unable to 
trace into the PEM_read_PrivateKey() call using gdb.



-- 
   Linux Now!   .........Because friends don't let friends use Microsoft.
  phil stracchino   ::   [EMAIL PROTECTED]   ::   [EMAIL PROTECTED]
    unix ronin     ::::   renaissance man   ::::   mystic zen biker geek
     2000 CBR929RR, 1991 VFR750F3 (foully murdered), 1986 VF500F (sold)

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to