From owner-freebsd-questions Mon Feb 24 6:47: 5 2003 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 04B0637B401 for ; Mon, 24 Feb 2003 06:47:03 -0800 (PST) Received: from mx1.clickcom.com (mx2.clickcom.com [209.198.22.7]) by mx1.FreeBSD.org (Postfix) with ESMTP id 568E043FCB for ; Mon, 24 Feb 2003 06:47:02 -0800 (PST) (envelope-from jsmailing@clickcom.com) Received: from aesop (calefaction.clickcom.com [209.198.22.19]) by mx1.clickcom.com (email) with ESMTP id D3F4951A55; Mon, 24 Feb 2003 09:47:01 -0500 (EST) From: "John Straiton" To: "'Matthew Seaman'" , Subject: RE: Changes in sshd? Date: Mon, 24 Feb 2003 09:42:42 -0500 Message-ID: <004201c2dc12$ffaf8450$1916c60a@win2k.clickcom.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2627 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Importance: Normal In-Reply-To: <20030224113248.GB22678@happy-idiot-talk.infracaninophi> Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Thanks for all the info! Regretibly, I'm still having problems... > My guess is that when you did your re-install you didn't > backup and restore the host keys for your machine. That > means that all of the accounts on systems you've been > connecting to will have the old host keys in the > ${HOME}/.ssh/known_hosts files. That leads the ssh servers > on those machines to believe that your newly installed 5.0 > server is actually some sort of impostor, hence they refuse access. The client was the only one reinstalled, the server was untouched until I sent up a new "identity.pub". Because I did not restore any .ssh/ files, there is no known_hosts file. I have confirmed this via: #find / -name "known_hosts" -print While being su'ed to root. Now, this got me to thinking that maybe it wouldn't auto-connect 'cause there was no known_hosts file... So I removed the authorized_keys from the server and tried to connect in hopes to create the known_hosts file but I still got the same error: Host key verification failed. The only known_hosts file that exists on the machine is in /root/.ssh/known_hosts which does not have a problem connecting. So I figured rather than properly diagnose this, I'd make it work again since I'm starting to run against time constraints...too bad it didn't work: # cp /root/.ssh/known_hosts /home/myuser/.ssh/ # su myuser %ssh xxx.xxx.xx.xx Permission denied, please try again. Permission denied, please try again. Received disconnect from xxx.xxx.xx.xx: 2: Too many authentication failures for myuser %ssh -1 xxx.xxx.xx.xx WARNING: DSA key found for host 209.198.22.23 in /home/myuser/.ssh/known_hosts:1 DSA key fingerprint 8a:58:15:a5:9b:1c:1a:65:1f:0c:4d:b9:03:d2:f7:8b. Host key verification failed. % > RSA1 key type and hence the SSHv1 protocol. If you can, you > would be well advised to switch to SSHv2 which is rather more > secure, and supported pretty much everywhere now. Thanks, after seeing this being an option now, I had planned on migrating to this, but I figured I'd get rsa1 to work again first. Unfortunately, until I can ssh to the machine at all, I can't get either mechanism to work I fear. I have tried using the dsa key but it doesn't work either. More ideas? John To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message