Re: [Fwknop-discuss] GPG authentication packet not picked up by fwknop
Brought to you by:
mbr
From: Michael R. <mb...@ci...> - 2008-09-26 01:27:28
|
On Sep 25, 2008, Francois Marier wrote: > On 2008-09-25 at 01:23:23, Michael Rash wrote: > > Now, the next thing that would help debug this is to run fwknopd in > > --debug mode and collect the output that is generated when you send an > > SPA packet from the client that is encrypted with GnuPG. > > I have attached a debug log of fwknop receiving a GPG-encrypted packet sent > with this command: > > fwknop -A tcp/22 --gpg-no-options --gpg-agent --gpg-recip DEADBEEF --gpg-sign CAFEBABE -R -D ssh.example.com Ah, that is very helpful - I've abbreviated the output, but the last few lines below make clear what the problem is: > Thu Sep 25 19:18:22 2008 [+] Adding 'hQ' prefix to base64-encoded message. > Thu Sep 25 19:18:22 2008 [+] base64_equals_padding() msg len: 1426 > Thu Sep 25 19:18:22 2008 [+] Padding base64-encoded message with '=='. > Thu Sep 25 19:18:22 2008 [+] decode_base64() against the following data: hQEOA6co12T3Uf59EAP+NwldjDIdgjgLU+MY3rVYg3hT3UNo6GBxuws2icfpE4w0eLVCiZQSjJfVUtjZBC5Rd333hB+2Duq+AsbMVAM0uELSbNk7qQOmVdTffkkcjXbyHI2EeX71EMcyZWX0kRnlXqvgorMi3eqiPZD/fC5SJBbQXLuSRYpSvNGbGn+s24MD/0dednjgys5ZYgczNoE++pgbA44DDtj2JNassiboxv4s+L+0yxxZd/yqL2FsHKJ7Kc2TcSU06IzdNNAZiHxlQhFYyncGTZhGinMKVv9Q59xhcgTPUI6bL/v29ULO4Iii1NJyNcqgpCc4BDFqwy3HHigSQUaUdhA5HluQdMU5wlJyhQIOA43sismS/wW+EAf/XPLQyZzl05H5MbM/okucUjAH7FGoIgV+GEsl6zl3DwB/Oq2JUfRL+cvRoVl+djxwOYiSSqDVN8dMQp8JilyZWBsBo3/iDoFPDV5rQoXkYbw/dNrKUkbsWe00D/v6DcpCEaXhk1KEnXeTfA3WJj+U88FCGwsJWaE4mBoUGoIzIv0gXdpKv8a1z0spKGLFQXcwXY9eEW9hraSrHDERUDFwLfTHvUNnMviSy5oaGegXuYdHvdgS1DAp7E+C6Dy4VVw/DtE1Wk3W17ExRcHrSj1sEc/s+P58WvuaSXmkaYhzo+jEWA/w7I0+7gzyW+/+a1G8Ez1+tgjWsYY87a99GiI/+Qf9Gv0VnIRiyKOsQO5SKxlUMdFKu5AXaOiAFYnc+GES1hufNOUoAm+u34PYa7cg+zfCgaasU196gsmGzZJoOSdq3xgu3jGwO9uccUJyk/UbYFMvZ6hGcL6N76Kvg10EVjlg7j2zxglIhZPYL3AeK5xty5eZix3lo0Ya5QiMbxFdEd5xCttiXI5rcklmzb2SRU+u7u03U/OP5vv1xsOrzkV2xNJPaR1MQfSV4ysOmgqp63q/czOOmk4BiwxMpz5/wnhZiqlVjuHZfW4kFgdZLq9XY/PEB0l2Iw0r2wk05xam55msJMjpAD3S6Mg32yESLH6tDu680TxDY/cVpYMEsT4SjNLASAE5bcca6sREmK8o2y9lv8lsh4NR4WEXdUaa2JdHT9mIbFFtNFSPj/4q5aZhC2mDNTf2sAkvh66zN7XZm66EpylxokKVmwZj2fuZOMe3qxORdExNXygJKbdbPdc7tfv/IxWDQQ6TCbE4XJ0xNSh4Xo+ypYwnkM04p1M4MVhh1Ld6OUuk70hbNQKcyEDDq2kJ6a+SLkMAABjGKmpip5OTkyUgBHOSK7FBwfKf0FmqvS2NUvCZgD5jcgEF8fePHAypNeK8PtXjFxuz7UVr6g4SUzQwBNGa9Sg/JW+bWuf3rHpGRw8APp5CQNu9JK9PxMmlqQZtnc/csn9S6EDER4ZIjAGJzuRbgauLxQ== > Thu Sep 25 19:18:22 2008 [-] base64-decoded data does not begin with 0x8502 > Thu Sep 25 19:18:22 2008 [-] Failed decrypt for SOURCE block ANY In most GnuPG installations that I've seen, the beginning of gpg-encrypted data begins with 0x8502, and even the file 'magic' database uses this to identify such data. May I ask which version of GnuPG you have installed on your client system, and which Linux/other distro it is? Thanks, -- Michael Rash http://www.cipherdyne.org/ Key fingerprint: E2EF 0C8A 5AA9 654C 4763 B50F 37AC E946 7F51 8271 |