SSH issues with 4.9 stable (key_verify failed for server_host_key)

From: Daren Desjardins (desjardins_at_canada.com)
Date: 03/30/04

    To: freebsd-stable@freebsd.org
    Date: Tue, 30 Mar 2004 14:23:40 -0500
    
    

    I upgraded to 4.9 stable from 4.9 release and now have difficulty
    connecting via ssh to hosts. The error I get is:
     
     key_verify failed for server_host_key
     
     
    If I modify the sshd_config for the server I am connecting to and change
    to the following, it works:
     
     
     Protocol 2
     # HostKey for protocol version 1
     #HostKey /etc/ssh/ssh_host_key
     # HostKeys for protocol version 2
     HostKey /etc/ssh/ssh_host_rsa_key
     HostKey /etc/ssh/ssh_host_dsa_key
     
     
     ssh verbose dump:
     
     [daren@lithium daren]$ssh -v puff
     OpenSSH_3.8p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7c-p1 30 Sep 2003
     debug1: Reading configuration data /etc/ssh/ssh_config
     debug1: Connecting to puff [x.x.x.x] port 22.
     debug1: Connection established.
     debug1: identity file /home/daren/.ssh/identity type -1
     debug1: identity file /home/daren/.ssh/id_rsa type 1
     debug1: identity file /home/daren/.ssh/id_dsa type -1
     debug1: Remote protocol version 1.99, remote software version OpenSSH_3.5p1 FreeBSD-20030924
     debug1: match: OpenSSH_3.5p1 FreeBSD-20030924 pat OpenSSH*
     debug1: Enabling compatibility mode for protocol 2.0
     debug1: Local version string SSH-2.0-OpenSSH_3.8p1
     debug1: SSH2_MSG_KEXINIT sent
     debug1: SSH2_MSG_KEXINIT received
     debug1: kex: server->client aes128-cbc hmac-md5 none
     debug1: kex: client->server aes128-cbc hmac-md5 none
     debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
     debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
     debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
     debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
     debug1: Host 'puff' is known and matches the DSA host key.
     debug1: Found key in /home/daren/.ssh/known_hosts:8
     debug1: ssh_dss_verify: signature incorrect
     key_verify failed for server_host_key
     [daren@lithium daren]$

    I did try removing the known_hosts entry, but it had no effect:

     [daren@lithium .ssh]$mv known_hosts known_hosts.bak
     [daren@lithium .ssh]$ssh -v puff
     OpenSSH_3.8p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7c-p1 30 Sep 2003
     debug1: Reading configuration data /etc/ssh/ssh_config
     debug1: Connecting to puff [x.x.x.x] port 22.
     debug1: Connection established.
     debug1: identity file /home/daren/.ssh/identity type -1
     debug1: identity file /home/daren/.ssh/id_rsa type 1
     debug1: identity file /home/daren/.ssh/id_dsa type -1
     debug1: Remote protocol version 1.99, remote software version OpenSSH_3.5p1 FreeBSD-20030924
     debug1: match: OpenSSH_3.5p1 FreeBSD-20030924 pat OpenSSH*
     debug1: Enabling compatibility mode for protocol 2.0
     debug1: Local version string SSH-2.0-OpenSSH_3.8p1
     debug1: SSH2_MSG_KEXINIT sent
     debug1: SSH2_MSG_KEXINIT received
     debug1: kex: server->client aes128-cbc hmac-md5 none
     debug1: kex: client->server aes128-cbc hmac-md5 none
     debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
     debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
     debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
     debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
     The authenticity of host 'puff (x.x.x.x)' can't be established.
     DSA key fingerprint is f0:b5:90:fd:92:0d:4a:b6:87:13:45:63:72:a1:49:aa.
     Are you sure you want to continue connecting (yes/no)? yes
     Warning: Permanently added 'puff,x.x.x.x' (DSA) to the list of known hosts.
     debug1: ssh_dss_verify: signature incorrect
     key_verify failed for server_host_key
     [daren@lithium .ssh]$

    _______________________________________________
    freebsd-stable@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-stable
    To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"
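
Added example, not part of the original post: a small triage of `ssh -v` output that separates a known_hosts mismatch from the failure shown above, where the host key is accepted and the server's key-exchange signature then fails to verify under it. The function names `triage` and `known_hosts_edit_can_help` are hypothetical, and the two sample logs are constructed from the decisive lines of the runs in the post.

```python
import re

# Constructed samples: the decisive lines of the two `ssh -v` runs in the post.
FIRST_RUN = """\
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.5p1 FreeBSD-20030924
debug1: Local version string SSH-2.0-OpenSSH_3.8p1
debug1: Host 'puff' is known and matches the DSA host key.
debug1: ssh_dss_verify: signature incorrect
key_verify failed for server_host_key
"""
AFTER_REMOVING_KNOWN_HOSTS = """\
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.5p1 FreeBSD-20030924
debug1: Local version string SSH-2.0-OpenSSH_3.8p1
Warning: Permanently added 'puff,x.x.x.x' (DSA) to the list of known
hosts.
debug1: ssh_dss_verify: signature incorrect
key_verify failed for server_host_key
"""

def triage(log):
    """Report which host-authentication step failed in `ssh -v` output."""
    def find(pattern):
        m = re.search(pattern, log)
        return m.group(1) if m else None

    result = {
        "server": find(r"remote software version\s+(\S+)"),
        "client": find(r"Local version string SSH-[\d.]+-(\S+)"),
        "hostkey_type": None,
        "known_hosts": "not_checked",
        "failed_step": None,
    }
    matched = find(r"is known and matches the (\w+) host key")
    added = find(r"Permanently added '[^']*' \((\w+)\) to the list of known")
    if matched:
        result.update(hostkey_type=matched, known_hosts="match")
    elif added:
        result.update(hostkey_type=added, known_hosts="new_entry_accepted")
    if "REMOTE HOST IDENTIFICATION HAS CHANGED" in log:
        # Stored key differs from the offered key: a known_hosts problem.
        result.update(known_hosts="mismatch", failed_step="known_hosts_check")
    elif "key_verify failed for server_host_key" in log:
        # Key was accepted, but the server's signature did not verify under it,
        # so editing known_hosts cannot change the outcome.
        result["failed_step"] = "kex_signature_verification"
    return result

def known_hosts_edit_can_help(result):
    return result["failed_step"] == "known_hosts_check"
```

Both runs from the post classify as `kex_signature_verification`, which is why moving `known_hosts` aside had no effect.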

