Date: Tue, 30 Mar 2004 14:23:40 -0500 From: Daren Desjardins <desjardins@canada.com> To: freebsd-stable@freebsd.org Subject: SSH issues with 4.9 stable (key_verify failed for server_host_key) Message-ID: <1080674620.72899.3.camel@lithium.stabilia.com>
next in thread | raw e-mail | index | archive | help
I upgraded to 4.9 stable from 4.9 release and now have difficulty connecting via ssh to hosts. The error I get is: key_verify failed for server_host_key If I modify the sshd_config for the server I am connecting to and change to the following, it works: Protocol 2 # HostKey for protocol version 1 #HostKey /etc/ssh/ssh_host_key # HostKeys for protocol version 2 HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key ssh verbose dump: [daren@lithium daren]$ssh -v puff OpenSSH_3.8p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7c-p1 30 Sep 2003 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Connecting to puff [x.x.x.x] port 22. debug1: Connection established. debug1: identity file /home/daren/.ssh/identity type -1 debug1: identity file /home/daren/.ssh/id_rsa type 1 debug1: identity file /home/daren/.ssh/id_dsa type -1 debug1: Remote protocol version 1.99, remote software version OpenSSH_3.5p1 Free BSD-20030924 debug1: match: OpenSSH_3.5p1 FreeBSD-20030924 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_3.8p1 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-cbc hmac-md5 none debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host 'puff' is known and matches the DSA host key. debug1: Found key in /home/daren/.ssh/known_hosts:8 debug1: ssh_dss_verify: signature incorrect key_verify failed for server_host_key [daren@lithium daren]$ I did try removing the known_hosts entry, but it had no effect: [daren@lithium .ssh]$mv known_hosts known_hosts.bak [daren@lithium .ssh]$ssh -v puff OpenSSH_3.8p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7c-p1 30 Sep 2003 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Connecting to puff [x.x.x.x] port 22. debug1: Connection established. debug1: identity file /home/daren/.ssh/identity type -1 debug1: identity file /home/daren/.ssh/id_rsa type 1 debug1: identity file /home/daren/.ssh/id_dsa type -1 debug1: Remote protocol version 1.99, remote software version OpenSSH_3.5p1 Free BSD-20030924 debug1: match: OpenSSH_3.5p1 FreeBSD-20030924 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_3.8p1 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-cbc hmac-md5 none debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY The authenticity of host 'puff (x.x.x.x)' can't be established. DSA key fingerprint is f0:b5:90:fd:92:0d:4a:b6:87:13:45:63:72:a1:49:aa. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'puff,x.x.x.x' (DSA) to the list of known hosts. debug1: ssh_dss_verify: signature incorrect key_verify failed for server_host_key [daren@lithium .ssh]$
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1080674620.72899.3.camel>