From: Daren Desjardins
To: David.E.Tweten@nasa.gov
cc: freebsd-stable@freebsd.org
Date: Wed, 31 Mar 2004 16:27:52 -0500
Subject: Re: SSH issues with 4.9 stable (key_verify failed for server_host_key)
In-Reply-To: <3268.1080767681@gilmore.nas.nasa.gov>
Message-Id: <1080768472.43045.31.camel@lithium.stabilia.com>

> >... the base system seems to force a DSA host key authentication, whereas the
> >port and openssh release use RSA ...
>
> Why do you care?
> Give your machine all three kinds of machine key
> (protocol 1.5, protocol 2.0 RSA, and protocol 2.0 DSA). If you want to
> use public key authentication, give yourself all three types of personal
> key too. That way, you are prepared for whatever slight misconfiguration
> there may be at the other end of your attempted connection.

It's not that I care; I am just trying to point out anything I can that
could indicate the cause of the problem. I tried using your config
files, and the result is included below.

OpenSSH_3.5p1 FreeBSD-20030924, SSH protocols 1.5/2.0, OpenSSL 0x0090703f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: ssh_connect: needpriv 1
debug1: Connecting to daren.ca [3ffe:b80:19a3:1::1] port 22.
debug1: Allocated local port 1016.
debug1: connect to address 3ffe:b80:19a3:1::1 port 22: No route to host
debug1: Connecting to daren.ca [65.49.123.132] port 22.
debug1: Allocated local port 1015.
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.5p1 FreeBSD-20030924
debug1: match: OpenSSH_3.5p1 FreeBSD-20030924 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.5p1 ssh_config $Revision: 1.1.1.1 $
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client arcfour hmac-md5 none
debug1: kex: client->server arcfour hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 111/256
debug1: bits set: 1605/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
No DSA host key is known for daren.ca and you have requested strict checking.
Host key verification failed.
debug1: Calling cleanup 0x804c158(0x0)
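
The log above stops at the known_hosts lookup: the server presented a DSA host key, the client had no DSA entry for daren.ca, and strict checking was on. The following is an added example, not part of the original message and not OpenSSH code; it classifies that lookup per host and key type. The sample known_hosts content, its placeholder key blobs, and the function names are constructed for illustration.

```python
import fnmatch

# Constructed sample known_hosts content (key blobs are placeholders, not real keys).
SAMPLE_KNOWN_HOSTS = """\
# constructed sample
daren.ca,65.49.123.132 ssh-rsa AAAAB3NzaC1yc2EPLACEHOLDER
*.example.org ssh-dss AAAAB3NzaC1kc3MPLACEHOLDER
oldbox.example.net 1024 35 1234567890
"""

def key_types_for_host(known_hosts_text, host):
    """Return the key types recorded for host in plain (unhashed) entries."""
    host = host.lower()
    types = set()
    for line in known_hosts_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 3:
            continue  # malformed entry, ignore it
        patterns = [p.lower() for p in fields[0].split(",")]
        # A matching negated pattern ("!host") excludes the whole line.
        if any(p.startswith("!") and fnmatch.fnmatchcase(host, p[1:])
               for p in patterns):
            continue
        if not any(fnmatch.fnmatchcase(host, p)
                   for p in patterns if not p.startswith("!")):
            continue
        # Protocol 1 entries read "hosts bits exponent modulus"; label them rsa1.
        types.add("rsa1" if fields[1].isdigit() else fields[1])
    return types

def strict_check(known_hosts_text, host, offered_type):
    """Classify the lookup for the key type the server presented.

    "found"        - an entry of that type exists (blob comparison follows)
    "type-missing" - host is known, but only under other key types
    "host-unknown" - no entry for the host at all
    With strict checking on, both non-"found" results end the connection.
    """
    types = key_types_for_host(known_hosts_text, host)
    if offered_type in types:
        return "found"
    return "type-missing" if types else "host-unknown"

if __name__ == "__main__":
    for kind in ("ssh-rsa", "ssh-dss"):
        print("daren.ca", kind, strict_check(SAMPLE_KNOWN_HOSTS, "daren.ca", kind))
```

A "type-missing" result is the case where an existing RSA entry does not help: the lookup is per key type, so a server that presents DSA needs its own entry.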