[MacPorts] #38041: openssl-1.0.1e broken with key_from_blob error messages
MacPorts
noreply at macports.org
Tue Feb 12 09:09:27 PST 2013
#38041: openssl-1.0.1e broken with key_from_blob error messages
----------------------+--------------------------------
Reporter: david@… | Owner: macports-tickets@…
Type: defect | Status: new
Priority: Normal | Milestone:
Component: ports | Version: 2.1.3
Resolution: | Keywords:
Port: openssl |
----------------------+--------------------------------
Comment (by david@…):
The workaround for this problem is to use the native /usr/bin/ssh +
/usr/bin/scp programs, rather than the MacPorts versions.
The native /usr/bin/ssh + /usr/bin/scp work. The MacPorts /opt/local/bin/ssh +
/opt/local/bin/scp fail.
MacPorts fails with both the 1.0.1c and 1.0.1e versions of openssl.
Here's the version info.
{{{
David-Favor-iMac> port -v installed openssl
The following ports are currently installed:
openssl @1.0.1c_0+rfc3779 (active) platform='darwin 12' archs='x86_64'
openssl @1.0.1e_0+rfc3779 platform='darwin 12' archs='x86_64'
David-Favor-iMac> /usr/bin/ssh -V
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
David-Favor-iMac> /opt/local/bin/ssh -V
OpenSSH_6.1p1, OpenSSL 1.0.1c 10 May 2012
}}}
The debug conversation is very different for /usr/bin/ssh +
/opt/local/bin/ssh.
Here's the debug conversation from /usr/bin/ssh...
{{{
/usr/bin/ssh -v -p 8933 -i /Users/david/.ssh/dfavor.dsa root@net1.bizcooker.com
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: /etc/ssh_config line 50: Applying options for *
debug1: Connecting to net1.bizcooker.com [68.233.248.187] port 8933.
debug1: Connection established.
debug1: identity file /Users/david/.ssh/dfavor.dsa type 2
debug1: identity file /Users/david/.ssh/dfavor.dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-3ubuntu1
debug1: match: OpenSSH_6.0p1 Debian-3ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA c3:05:17:fa:53:5a:31:88:9a:f3:ff:e9:55:9d:81:87
debug1: Host '[net1.bizcooker.com]:8933' is known and matches the RSA host key.
debug1: Found key in /Users/david/.ssh/known_hosts:11
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering DSA public key: /Users/david/.ssh/dfavor.dsa
debug1: Server accepts key: pkalg ssh-dss blen 817
debug1: Authentication succeeded (publickey).
Authenticated to net1.bizcooker.com ([68.233.248.187]:8933).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Requesting authentication agent forwarding.
Welcome to Ubuntu 12.10 (GNU/Linux 3.5.0-23-generic x86_64)
}}}
Here's the /opt/local/bin/ssh debug conversation...
{{{
/opt/local/bin/ssh -v -p 8933 -i /Users/david/.ssh/dfavor.dsa root@net1.bizcooker.com
OpenSSH_6.1p1, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /opt/local/etc/ssh/ssh_config
debug1: Connecting to net1.bizcooker.com [68.233.248.187] port 8933.
debug1: Connection established.
debug1: identity file /Users/david/.ssh/dfavor.dsa type 2
debug1: identity file /Users/david/.ssh/dfavor.dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-3ubuntu1
debug1: match: OpenSSH_6.0p1 Debian-3ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.1
buffer_get_bignum2_ret: BN_bin2bn failed
key_from_blob: can't read ecdsa key point
key_read: key_from_blob AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKjE4pdShkPwQMxc83R4rcIlwC6c66gcurdiyZtWiTAKZFhy45qKmTa/OEWMotNz/S6Fw7ktQHCa7rQNYwSx7Hs= failed
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
Connection closed by 68.233.248.187
}}}
Unsure what to do next.
Suggestions for getting the MacPorts versions of ssh + scp to have a similar
conversation style, so they work?
--
Ticket URL: <https://trac.macports.org/ticket/38041#comment:4>
MacPorts <http://www.macports.org/>
Ports system for Mac OS
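
Added example (not part of the original ticket and not OpenSSH code): a structural check of the base64 blob printed with the `key_read: key_from_blob` error above, using the SSH wire layout for `ecdsa-sha2-*` public keys (string key type, string curve name, string point). The helper names are hypothetical. A blob that passes shows the stored key text is not truncated or mangled, which is worth ruling out before looking at the client build.

```python
import base64
import struct

# Blob copied from the key_read error line in the ticket's debug output.
BLOB_B64 = (
    "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBB"
    "KjE4pdShkPwQMxc83R4rcIlwC6c66gcurdiyZtWiTAKZFhy45q"
    "KmTa/OEWMotNz/S6Fw7ktQHCa7rQNYwSx7Hs="
)

# Uncompressed point size per curve: 0x04 prefix + X + Y coordinates.
POINT_LEN = {"nistp256": 65, "nistp384": 97, "nistp521": 133}


def read_string(buf, off):
    """Read one SSH 'string': uint32 big-endian length, then that many bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field at offset %d" % off)
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("field claims %d bytes, only %d left" % (n, len(buf) - off))
    return buf[off:off + n], off + n


def parse_ecdsa_blob(b64):
    """Structurally validate an ecdsa-sha2-* public key blob (hypothetical helper)."""
    raw = base64.b64decode(b64, validate=True)
    key_type, off = read_string(raw, 0)
    curve, off = read_string(raw, off)
    point, off = read_string(raw, off)
    if off != len(raw):
        raise ValueError("trailing bytes after the point")
    key_type, curve = key_type.decode("ascii"), curve.decode("ascii")
    if key_type != "ecdsa-sha2-" + curve:
        raise ValueError("key type and curve name disagree")
    if curve not in POINT_LEN:
        raise ValueError("unknown curve " + curve)
    if len(point) != POINT_LEN[curve] or point[0] != 0x04:
        raise ValueError("point is not an uncompressed point of the expected size")
    return {"key_type": key_type, "curve": curve, "point_len": len(point)}


if __name__ == "__main__":
    print(parse_ecdsa_blob(BLOB_B64))
```

The check is structural only: it does not test whether the point lies on the curve.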