Hi all,
When Using the golang.org/x/crypto/ssh module to connect to a lshd SSH
server this error gets thrown:
panic: ssh: handshake failed: ssh: exponent too large
goroutine 1 [running]:
main.main()
C:/Users/user/Documents/project/sample.go:33 +0x685 EOF
It's defined in /ssh/keys.go#L353
(https://github.com/golang/crypto/blob/5ea612d1eb830b38bc4e914e37f55311eb58adce/ssh/keys.go#L353)
the error appears when the exponent of the RSA key is over 24 bits.
`lshd` with the program `lsh-keygen` generates a RSA 2048 certificate with
32 bits exponent.
After converting the to a more common format it gets accepted by OpenSSH
and validators.
I was also not able to find a limit on the bitlength of RSA exponents, only
that it must be a positive asn.1 Integer > 0.
The error can be mitigated by changing s/24/32/ at line 353 in ssh/keys.go
afterwards the program works as intended.
I was not able to observe any side effects from changing this value.
How should i best go forward with this? Should i vendor a local copy or
make a upstream bug report/merge request?
--
You received this message because you are subscribed to the Google Groups
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to golang-nuts+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/golang-nuts/d59663f4-8786-4941-9544-ade6415cff13n%40googlegroups.com.
