Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: problem of openSSH and certificate in UTF8

from [yjchui] Network Security [Permanent Link]
Subject: Re: problem of openSSH and certificate in UTF8
Date: Fri, 25 Mar 2005 10:23:58 +0800 (CST) 
Hi:
   I have changed the /usr/local/etc/ssh_known_hosts on client to
---------------------------------
10.144.166.135 x509v3-sign-rsa "new public key with certifcate"
-------------------------------------------------------------

But when client performs server authentication, the following error message 
appears:
Friday:~/.ssh# ssh -v 10.144.166.135 -i client_rsa
OpenSSH_3.9p1, OpenSSL 0.9.7e 25 Oct 2004
debug1: Reading configuration data /usr/local/etc/ssh_config
........
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '10.144.166.135' is known and matches the RSA+cert host key.
debug1: Found key in /usr/local/etc/ssh_known_hosts:1
ssh_x509_verify: verify failed: error:04067084:rsa 
routines:RSA_EAY_PUBLIC_DECRYPT:data too large for modulus
key_verify failed for server_host_key

It seems that althoug I use public key (old style) in the ssh_known_hosts, but 
when the client verify certifcate of server, the client can not recognize the 
UTF-8 code and rejects the certifcate as the data too long.....


Hi,



You can use "old format". i.e. to append OpenSSH "pub file" to user 
authorized_keys.
Please see ssh-keygen(1).
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Making sshd_config not world readable, Miguel Saturnino
Next by Date:  Re: Making sshd_config not world readable, Derek Martin
Previous by Thread:  Re: problem of openSSH and certificate in UTF8, Roumen Petrov
Next by Thread:  Strange sshd message in /var/log/messages: sshd: ^[[60G, Rafiq_Maniar
Indexes:  [Date] [Thread] [Top] [All Lists]