Getting "key_demote: error in libcrypto" error when using OpenSSH 7.6p1
From
khan.m.arshad@gmail.com@21:1/5 to
All on Wed Nov 7 19:07:56 2018
Hello All,
I have a CentOS 6 system that is running OpenSSH version 7.6p1 built with OpenSSL 1.0.2o. The OpenSSL is built with FIPS module 2.0.16. I have a python based pluggable authenticataion module configured using pam_python 1.0.6 and Python 2.7.10.
When I use a ssh client to login to this system, the connection is immediately closed by the system. Checking the /var/log/secure I see following error:
sshd[11255]: fatal: key_demote: error in libcrypto
Checking OpenSSH code I think this is happening when the server is demoting private keys to public keys. The problem I have tracked down is because of an import in the PAM python module which eventually imports the _ssl module. A dummy PAM python module
with just this import reproduces the issue.
Here is the dummy PAM python module that I am using to repro the issue:
-----
#!/opt/bin/python
import _ssl
def pam_sm_authenticate(pamh, flags, argv):
return pamh.PAM_SUCCESS
def pam_sm_setcred(pamh, flags, argv):
return pamh.PAM_SUCCESS
def pam_sm_open_session(pamh, flags, argv):
return pamh.PAM_SUCCESS
def pam_sm_close_session(pamh, flags, argv):
return pamh.PAM_SUCCESS
def pam_sm_acct_mgmt(pamh, flags, argv):
return pamh.PAM_SUCCESS
-----
Any help is very much appreciated in resolving or understanding this issue.
Thanks and Regards
Arshad
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)