Comment 18 for bug 15359

Message-ID: <email address hidden>
Date: Fri, 9 Sep 2005 15:28:39 +0100
From: Colin Watson <email address hidden>
To: <email address hidden>
Cc: Jonathan Amery <email address hidden>
Subject: Re: "bad plaintext length" (was Re: Bug#151743: Can't verify this :( [was: ssh: 3.4p1-2
 fails to install saying "cipher_encrypt: bad plaintext length 337"])

Source: openssh
Source-Version: 1:4.1p1-7

On Tue, Nov 19, 2002 at 05:11:13PM -0800, Martin Pool wrote:
> On 26 Oct 2002, Colin Watson <email address hidden> wrote:
> > On Tue, Jul 16, 2002 at 02:08:14AM +0100, Jonathan Amery wrote:
> > > Do you have an extant backup of the host key from before the upgrade?
> > > I fear that it might have got corrupted somewhere.
> >
> > While this is obviously a nasty bug, it doesn't seem to be having
> > widespread effect, so I'm downgrading it.
>
> I haven't seen the problem again.
>
> > Perhaps one thing that would help would be if ssh's postinst backed up
> > host keys before attempting to edit them?
>
> That seems like a very sensible idea to me.
>
> Perhaps make them 0400 afterwards, and perhaps back them up in a way
> that would protect against repeated broken attempts to upgrade.
> (e.g. move to "host_key.$TIMESTAMP~")

I think in fact this was the same bug as #312312, and is therefore now
(belatedly) fixed:

openssh (1:4.1p1-7) unstable; urgency=low

  * Do the IDEA host key check on a temporary file to avoid altering
    /etc/ssh/ssh_host_key itself (closes: #312312).
  * Work around the ssh-askpass alternative somehow ending up in manual mode
    pointing to the obsolete /usr/lib/ssh/gnome-ssh-askpass.
  * Add GNU/kFreeBSD support (thanks, Aurelien Jarno; closes: #318113).
  * Fix XSIish uses of 'test' in openssh-server.preinst.
  * Policy version 3.6.2: no changes required.

 -- Colin Watson <email address hidden> Fri, 2 Sep 2005 16:18:11 +0100

Thanks,

--
Colin Watson [<email address hidden>]