Hello, this is what I get using ssh with a 8192 bytes DSA key (produced with 'ssh-keygen -t dsa -b 8192'): dmr:nicetas:0:~/openssh-3.8.1p1$ ./ssh bin key_read: uudecode AAAAB3NzaC1kc3MAAAQBAKU+5z15VrrvSBD9q5absauzckc0oinS4DOoOGPHwHoPKdjXU/B2/Z1yxtS7hbafix5gNeHbX5QTPq2f7YVZc/P0x0QRxDAMaADOVymH3DhxOt7pV0KxA8uiiqWNsWrVGFKTfh6NF5Ap8lcrRMu30sZvKUgH+3xaBEUiIXkV7yrWvmdk84llDwLInzxLVXHMWGgvdEPM+t0/bL0JIUe7nXzRO8cdXP2AhvCjAMa+l5GcLH2ZIxaEkDohJG5NgDg5FmJF37bs8vwNnyrrIigxLIwroCfhiirpahRNStdXXV57vYeCOWvqr6yYcXSJD5AuZoHl2MAgje5bwVIP/Va3F3WLBfgQwQVRoyssr8BPACPz8liVgGyZPUsilfF8Jf/BFa9VEPaQNXDN1XunqJPGg35dxMFGhPkjd8DcxKo0jqM+DNI/YbKUe3hQ4P4jDfzE7PcmLWzm80cpZxZO7ODLMQumqiGmo9uTm4dRwI/oxYk8pW7VComq7BTV8roPnw0Q9BwdBWtKXFI3adyq/Z4qghPUTuwPyx1Lgl3Q2k9J+CkHzf/Y9ycAzZUlkLIrsknh1ZVJgiCQIQQhfCrbIM3cdnXtkneJKWsfjyiN2lKNt8tzRjai30zHPWjltc5FiZsHBbwaHWa0uDLyUxtB8ZHCjd1HBafA6isqk8MaJdV47Iw1H1I3ny//5KLTatiIHhpF61wXXRExkWGO9dy635hWCmZiOyFnXpZY6ErdhlHZ5VwSXX0tSG97eS+YG1TMTljaSGD+eKXLwJVTwICC5Hn7qaGwFEY0Zuzo2dnZNVi6EVMtSavC0QZ/rAt2/QtZys8MfDybVRAETfmEcdEY6A2yTk6KlF2wggAySPH7pY6LF2qugrjkVLj/0/cRYv9jCfEzjd8qS3As71U1bO39EtIM/niHS7blF0CN5XsA9x04ZUiW+0y0MUfGYf2CqVLU0fxNR5/wFw8hMD KQvw2J8vhbClq3Last login: Wed Jun 23 18:26:04 2004 from nicetas.disi.unige.it root:bin:0:~# This seems had - in most cases - to the line buffer size found in key_try_load_public() of authfile.c that is fixed to 4096 bytes. The attached ebuild contains a patch (openssh-3.8.1p1-hugekeys.patch) that _should_ help to solve the problem, enlarging - on fly - the buffer size (it worked pretty well for me up to 32Kbits keys - actually in production on my cluster). Regards, Alessandro Reproducible: Always Steps to Reproduce: 1. see details... 2. 3. Actual Results: see details... Expected Results: see details... Portage 2.0.50-r8 (default-x86-1.4, gcc-3.3.3, glibc-2.3.3.20040420-r0, 2.6.6) ================================================================= System uname: 2.6.6 i686 AMD Athlon(TM) XP 1800+ Gentoo Base System version 1.4.16 Autoconf: sys-devel/autoconf-2.59-r3 Automake: sys-devel/automake-1.8.3 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CFLAGS="-O3 -march=athlon-xp -fforce-addr -fomit-frame-pointer -funroll-loops -frerun-cse-after-loop -frerun-loop-opt -falign-functions=4 -pipe" CHOST="i686-pc-linux-gnu" COMPILER="gcc3" CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-O3 -march=athlon-xp -fforce-addr -fomit-frame-pointer -funroll-loops -frerun-cse-after-loop -frerun-loop-opt -falign-functions=4 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoaddcvs ccache fixpackages sandbox" GENTOO_MIRRORS="rsync://ftp.belnet.be/gentoo/ ftp://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/ http://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/ ftp://ftp.tu-clausthal.de/pub/linux/gentoo/ ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="3dnow X aalib acpi alsa avi cdr crypt cups dga dillo dvd emacs encode fbcon foomaticdb gdbm gif gpm gtk guile imlib jpeg libg++ libwww mad mmx mpeg ncurses nls nptl oggvorbis opengl oss pam pdflib perl plotutils png python qt quicktime radeon readline scanner sdl slang spell ssl svga tcpd tetex tiff transcode truetype type1 usb vanilla x86 xface xml2 xmms xv zlib"
Created attachment 34050 [details] lets openssh to accept and use very large keys (>8Kbits) please note that the patch contained here in is trivially appliable also to older openssh releases.
Created attachment 35950 [details, diff] openssh won't work with DSA keys larger than 8Kbits unified path to be applied to openssh-3.8.1_p1
Added to CVS, thanks!