Wrong Signature Length Error

Question

Our SFTP server encountered the following error when we tried to connect to our client's sftp server: ' A public key corresponding to the supplied private key was not accepted by the server or the user name is incorrect.'

We are using the same SSH key and password to connect the same client server in production for a while, no change has been made at both side. The error only lasted for 3 hours, then it disappeared again and we resume normal SFTP service without further error. This error appears around once per two weeks.

We have asked the client to provide log from their sftp server, and the error is: 'Error validating signature: error: 04091077:rsa routines:INT_RSA_VERIFY:wrong signature length. Signature failed verification with ssh-rsa type public key presented by user xxx'

Appreciate if anyone can help on this issue.

Answer 1

Hello, thanks for your detailed description!

This is actually an old issue of "disagreement between an SSH client and SSH server about the correct way to pad RSA signatures".

Some background: An RSA signature created with a private key of N bytes will usually be N bytes long. In few cases, it might be slightly shorter. In other cases, its most significant bit might be set and your server seem to require a padding of one additional zero octet at the beginning of the signature when this occurs. Because some SSH clients (including Rebex SFTP and PuTTY) send the signature unpadded, the server reports an error.

Unfortunately, SSH Authentication RFC does not specify whether the signatures are supposed to be sent padded or unpadded. However, we believe that this implies that both forms should actually work.

A similar issue has been recently discovered in libssh, but it was present in OpenSSH until 2002 as well: http://www.libssh.org/archive/libssh/2014-01/0000046.html

And there is another explanation here: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/rsa-verify-failed.html

We can add a workaround for this, but it would have to be only enabled when working with servers that reject unpadded signatures (because different servers may reject padded signatures). Which SFTP server do you use? Would it be possible to send a communication log showing its welcome message?

Comments

This said, it's a bit strange the issue lasted 3 hours. I would expect this to occur randomly. Are you sure there were no successful authentication attempts during those 3 hours?