Differences

This shows you the differences between the selected revisions of the page.

2015-04-10 2015-04-10
rsa_padding (martin) log record associated with Requires padding on SSH-2 RSA signatures (martin)
Line 67: Line 67:
===== [[rsa_padding]] Requires padding on SSH-2 RSA signatures ===== ===== [[rsa_padding]] Requires padding on SSH-2 RSA signatures =====
-Versions below 3.3 of [[&openssh|OpenSSH]] and versions below 1.3.4d/1.3.5rc4 of ProFTPD/mod_sftp require SSH-2 RSA signatures to be padded with zero bytes to the same length as the RSA key modulus. The SSH-2 draft specification says that an unpadded signature MUST be accepted, so this is a bug. A typical symptom of this problem is that WinSCP mysteriously fails RSA authentication once in every few hundred attempts, and falls back to passwords. +Versions below 3.3 of [[&openssh|OpenSSH]] and versions below 1.3.4d/1.3.5rc4 of ProFTPD/mod_sftp require SSH-2 RSA signatures to be padded with zero bytes to the same length as the RSA key modulus. The SSH-2 draft specification says that an unpadded signature MUST be accepted, so this is a bug. A typical symptom of this problem is that WinSCP mysteriously fails RSA authentication once in every few hundred attempts, and falls back to passwords. In session log file you will typically see this record: 
 + 
 +<code> 
 +Server refused public-key signature despite accepting key!  
 +</code>
If this bug is detected, WinSCP will pad its signatures in the way the buggy servers expect. If this bug is enabled when talking to a correct server, it is likely that no damage will be done, since correct servers usually still accept padded signatures because they're used to talking to OpenSSH. If this bug is detected, WinSCP will pad its signatures in the way the buggy servers expect. If this bug is enabled when talking to a correct server, it is likely that no damage will be done, since correct servers usually still accept padded signatures because they're used to talking to OpenSSH.

Last modified: by martin