On Fri, Sep 28, 2001 at 11:21:43PM +0100, Dr S N Henson wrote:
> Strange, it should produce an error of some sort. See what happens if
> you remove the pass phrase on the private key (using the rsa utility)
> and also see if you get an error when you supply an incorrect pass
> phrase.


babylon5:root:~/.ssh:11 # openssl rsa -passin stdin -in id_rsa -out rsa_nopass
<********>
read RSA key
unable to load key
babylon5:root:~/.ssh:12 # openssl dsa -passin stdin -in id_dsa -out dsa_nopass
<********>
read DSA key
unable to load Key
babylon5:root:~/.ssh:13 # ssh-add id_dsa
PEM_read_PrivateKey failed
Enter passphrase for id_dsa: <********>
PEM_read_PrivateKey failed
Bad passphrase, try again: foo
PEM_read_PrivateKey failed
Bad passphrase, try again: bar
PEM_read_PrivateKey failed
Bad passphrase, try again: 
babylon5:root:~/.ssh:14 # 

It appears to me as though what's happening is that it's not encountering 
any execution errors, but it's somehow failing to decrypt the key with the 
correct passphrase and treating it as just another incorrect passphrase.

As an experiment, I tried generating a test key using openssl rather than 
ssh-keygen, using the following command:

  openssl genrsa -rand /dev/random:random_seed -F4 128

This command has so far run for ten minutes without producing any output,
generating any visible system activity, or consuming any CPU time as
reported by top.  (My intention was to verify, one step at a time, that I
could create an encrypted key directly using openssl and then remove the 
passphrase from it.)  Am I using genrsa incorrectly, or is this as bad a 
sign as I think it is?


-- 
   Linux Now!   .........Because friends don't let friends use Microsoft.
  phil stracchino   ::   [EMAIL PROTECTED]   ::   [EMAIL PROTECTED]
    unix ronin     ::::   renaissance man   ::::   mystic zen biker geek
     2000 CBR929RR, 1991 VFR750F3 (foully murdered), 1986 VF500F (sold)

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
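The round trip the poster was attempting (generate a passphrase-protected key with openssl, then remove the passphrase with `openssl rsa -passin`), as an added shell example that is not part of the thread. It assumes a current openssl(1); the file names, key size and passphrase are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the thread: generate an RSA key protected by a
# passphrase, strip the passphrase with "openssl rsa -passin", and confirm
# which files load with which passphrase.
# Assumes a current openssl(1); paths, key size and passphrase are constructed.
set -eu
umask 077                      # the unencrypted key must not be world-readable

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
PASS='constructed-passphrase-for-the-demo'

# Generate a 2048-bit key (128 bits, as in the post, would be unusable) and
# encrypt it on output. No -rand option: OpenSSL seeds from its own RNG, and a
# blocking source such as /dev/random can stall genrsa until entropy arrives.
make_encrypted_key() {         # $1 = output file, $2 = passphrase
    openssl genrsa -aes256 -passout "pass:$2" -out "$1" 2048 2>/dev/null
}

# Read the encrypted key via -passin and write it back without encryption.
strip_passphrase() {           # $1 = encrypted key, $2 = passphrase, $3 = output
    openssl rsa -in "$1" -passin "pass:$2" -out "$3" 2>/dev/null
}

# Exit status 0 if the key decrypts and passes "rsa -check" with the given
# passphrase, non-zero otherwise (a wrong passphrase gives "unable to load").
key_loads() {                  # $1 = key file, $2 = passphrase
    openssl rsa -in "$1" -passin "pass:$2" -noout -check >/dev/null 2>&1
}

# Encryption is visible in the PEM header: "Proc-Type: 4,ENCRYPTED" for
# legacy PEM or "BEGIN ENCRYPTED PRIVATE KEY" for PKCS#8.
is_encrypted() {               # $1 = key file
    grep -q 'ENCRYPTED' "$1"
}

make_encrypted_key "$WORK/enc.pem" "$PASS"
strip_passphrase   "$WORK/enc.pem" "$PASS" "$WORK/plain.pem"

key_loads "$WORK/enc.pem" "$PASS" && echo "correct passphrase: key loads"
key_loads "$WORK/enc.pem" 'wrong' || echo "wrong passphrase: rejected"
is_encrypted "$WORK/plain.pem"    || echo "plain.pem: no encryption header"
```

A key that fails to load with the correct passphrase is a sign the file is not in the PEM format openssl(1) expects, not an entropy or execution problem, so check the header of the key file first.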
