[Openvas-discuss] Using certificates for ssh credentials fails

Stefan Schwarz Stefan.Schwarz at unibw.de
Thu Mar 3 17:16:13 CET 2011


Am 03.03.2011 10:30, schrieb Michael Meyer:
> Hello Stefan,
>
> *** Stefan Schwarz<Stefan.Schwarz at unibw.de>  wrote:
>> Am 28.02.2011 19:41, schrieb Michael Meyer:
>
>>> Any interesting sshd messages in the targets logfile?
>>>
>> I get lots of sshd errors of:
>> error: RSA_public_decrypt failed:
>> error:0407006A:lib(4):func(112):reason(106)
>
> I guess your GnuTLS version is>  2.4.2.  I've seen this problem with
> GnuTLS 2.8.5 and 2.8.6. It works with 2.4.2.

Yes, i'm using 2.8.5-2.
>
> Possible workarounds:
>
> 1. Downgrade to GnuTLS 2.4.2
This is not really an option :-(

>
> 2. Change
>
> ,---[ "openvas-manager/src/lsc_user.c ]
> | command = g_strconcat ("ssh-keygen -t rsa"
> `---|
>
> to
>
> ,---|
> | command = g_strconcat ("ssh-keygen -t dsa"

This patch works, but i would suggest to use DSA-keys by default, 
because this should work with all GnuTLS-version.

	Stefan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6299 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20110303/ad0529d2/attachment.p7s>


More information about the Openvas-discuss mailing list