fatal: cipher_init: EVP_CipherInit: set key failed for aes128-cbc [preauth]
Bryan Drewery
bdrewery at FreeBSD.org
Sat Sep 28 16:41:20 UTC 2013
On 7/30/2013 7:57 AM, Garrett Wollman wrote:
> [Cc added, bdrewery@ who is the maintainer of security/openssh-portable]
>
> <<On Tue, 30 Jul 2013 08:38:05 -0400, Mike Tancsa <mike at sentex.net> said:
>
>> http://lists.freebsd.org/pipermail/svn-src-head/2013-May/047921.html
>
>> Change the default in /etc/ssh/sshd_config to
>
> No /etc/ssh here; this is ports openssh, not base (which doesn't exist
> in my world).
>
>> UsePrivilegeSeparation yes
>
>> as it sounds like you have hardware crypto on the box and you are using
>> UsePrivilegeSeparation sandbox
>> which is broken
>
> However, this fix does work (in /usr/local/etc/ssh/sshd_config).
> Apparently security/openssh-portable needs a fix similar to the base
> system head/crypto/openssh r251088.
>
> -GAWollman
>
Yup. I didn't realize I had put that into the port.
Fixed for upcoming 6.3.
Thanks,
Bryan Drewery
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 899 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-security/attachments/20130928/9ac5dd73/attachment.sig>
More information about the freebsd-security
mailing list