SSH issues with 4.9 stable (key_verify failed for server_host_key)
Daren Desjardins
desjardins at canada.com
Tue Mar 30 11:23:38 PST 2004
I upgraded to 4.9 stable from 4.9 release and now have difficulty
connecting via ssh to hosts. The error I get is:
key_verify failed for server_host_key
If I modify the sshd_config for the server I am connecting to and change
to the following, it works:
Protocol 2
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
ssh verbose dump:
[daren at lithium daren]$ssh -v puff
OpenSSH_3.8p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7c-p1 30 Sep 2003
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to puff [x.x.x.x] port 22.
debug1: Connection established.
debug1: identity file /home/daren/.ssh/identity type -1
debug1: identity file /home/daren/.ssh/id_rsa type 1
debug1: identity file /home/daren/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version
OpenSSH_3.5p1 Free BSD-20030924
debug1: match: OpenSSH_3.5p1 FreeBSD-20030924 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'puff' is known and matches the DSA host key.
debug1: Found key in /home/daren/.ssh/known_hosts:8
debug1: ssh_dss_verify: signature incorrect
key_verify failed for server_host_key
[daren at lithium daren]$
I did try removing the known_hosts entry, but it had no effect:
[daren at lithium .ssh]$mv known_hosts known_hosts.bak
[daren at lithium .ssh]$ssh -v puff
OpenSSH_3.8p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7c-p1 30 Sep 2003
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to puff [x.x.x.x] port 22.
debug1: Connection established.
debug1: identity file /home/daren/.ssh/identity type -1
debug1: identity file /home/daren/.ssh/id_rsa type 1
debug1: identity file /home/daren/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version
OpenSSH_3.5p1 Free BSD-20030924
debug1: match: OpenSSH_3.5p1 FreeBSD-20030924 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
The authenticity of host 'puff (x.x.x.x)' can't be established.
DSA key fingerprint is f0:b5:90:fd:92:0d:4a:b6:87:13:45:63:72:a1:49:aa.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'puff,x.x.x.x' (DSA) to the list of known
hosts.
debug1: ssh_dss_verify: signature incorrect
key_verify failed for server_host_key
[daren at lithium .ssh]$
More information about the freebsd-stable
mailing list