x/crypto: ssh/client.NewSession() fails when remote key has an exponent greater than 24b #50711
Labels
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (
go env
)?go env
OutputWhat did you do?
When trying to open a ssh session to a LSH server (
lshd-1.4.3, secsh protocol version 2.0
).What did you expect to see?
No error on
NewSession()
What did you see instead?
2022/01/20 12:02:05 dial: ssh: handshake failed: ssh: exponent too large
OTOH, openssh client connects successfully, giving that I specifies the expected values for
KexAlgorithms
andHostKeyAlgorithms
(setting those in Go's ssh config doesn't help).As a workaround, I managed to successfully establish the session by changing the max bit len to 31 (instead of actually 24) in x/crypto/ssh/keys.go:353 in
ParseRSA()
.The text was updated successfully, but these errors were encountered: