Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

problem of openSSH and certificate in UTF8

from [yjchui] Network Security [Permanent Link]
Subject: problem of openSSH and certificate in UTF8
Date: Wed, 23 Mar 2005 11:05:59 +0800 (CST) 
Hi:

 

       I am trying to use certificate with openssh for user and server 
authentication according to the guideline of http://roumenpetrov.info/.

 

        Fist, both the server and client use self-signed certificate generated 
by openssh. In this case, openSSH works fine with the certificate 
authenctication.

 

        Second, the server and client apply for a certificate (in DER format) 
signed by our company, which contain UTF8 coding (i.e. it contains Chinese). I 
convert the certificate in DER format to the one in PEM format with the command:

openssl x509 in server.der inform DER  -out server.pem outform PEM

 

       Then, I extract the DN of the server certificate with the command:

IPSEC:~/.ssh# openssl x509 -noout -subject -in server-root.pem

subject= 
/C=TW/O=\xE4\xB8\xAD\xE8\x8F\xAF\xE9\x9B\xBB\xE4\xBF\xA1\xE8\x82\xA1\xE4\xBB\xBD\xE6\x9C\x89\xE9\x99\x90\xE5\x85\xAC\xE5\x8F\xB8/CN=yjchu-server

 

     At this time, I add the above result to the file 
"/usr/local/etc/ssh_known_hosts" on the client side.

 

     However, when the client connects to the remote ssh server and performs 
server authentication, the following error message appears:

-----------------------------------------------------------------------------------

yjchu@Friday:~/.ssh$ ssh -v 10.144.166.135

OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004

debug1: Reading configuration data /usr/local/etc/ssh_config

..

debug1: SSH2_MSG_KEX_DH_GEX_INIT sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

x509key_str2X509NAME: X509_NAME_add_entry_by_NID fail with 
errormsg='error:0D07A097:asn1 encoding routines:ASN1_mbstring_copy:string too 
long' for nid=17/organizationName and 
data='\\xE4\\xB8\\xAD\\xE8\\x8F\\xAF\\xE9\\x9B\\xBB\\xE4\\xBF\\xA1\\xE8\\x82\\xA1\\xE4\\xBB\\xBD\\xE6\\x9C\\x89\\xE9\\x99\\x90\\xE5\\x85\\xAC\\xE5\\x8F\\xB8'

key_read: uudecode 
Subject:/C=TW/O=\\xE4\\xB8\\xAD\\xE8\\x8F\\xAF\\xE9\\x9B\\xBB\\xE4\\xBF\\xA1\\xE8\\x82\\xA1\\xE4\\xBB\\xBD\\xE6\\x9C\\x89\\xE9\\x99\\x90\\xE5\\x85\\xAC\\xE5\\x8F\\xB8/CN=yjchu-server

 failed

No RSA+cert host key is known for 10.144.166.135 and you have requested strict 
checking.

Host key verification failed.

------------------------------------------------------------------------------------------

 

Does anybody know how to solve the problem? 

 

 
Regards
 
Yann-Ju Chu
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: How to use scp without encryption ?, Aman Raheja
Next by Date:  Strange sshd message in /var/log/messages: sshd: ^[[60G, Rafiq_Maniar
Previous by Thread:  How to use scp without encryption ?, Manoj
Next by Thread:  Re: problem of openSSH and certificate in UTF8, Roumen Petrov
Indexes:  [Date] [Thread] [Top] [All Lists]