Re: SSH issues with 4.9 stable (key_verify failed for server_host_key)

From: Daren Desjardins (desjardins_at_canada.com)
Date: 03/31/04

  • Next message: Dave Tweten: "Re: SSH issues with 4.9 stable (key_verify failed for server_host_key)" 
    To: freebsd-stable@freebsd.org
Date: Wed, 31 Mar 2004 14:50:34 -0500

    Sigh...

    Thought I had it figured out but it wasnt. A friend also did an 4.9
    release to 4.9stable upgrade and ran into the exact same problem. I
    spent time comparing the ssh -v output for the ssh(3.5) that is in the
    base, with the openssh(3.6) in the packages, and the newest ssh from
    openssh (3.8).

    The main thing I noticed is that the openssh in the base is the only one
    not working. Further, the OpenSSL version reported differs and that the
    base system seems to force a DSA host key authentication, whereas the
    port and openssh release use RSA (As seen in the included dumps).

    The machine is using a default(empty) ssh_config and sshd_config.

    I went through pretty much every google(web/groups) article I could find
    with no success. Even the ones that suggested turning off compiler
    optimizations...

    (Base ssh)
    OpenSSH_3.5p1 FreeBSD-20030924, SSH protocols 1.5/2.0, OpenSSL
    0x0090703f

    debug1: Host 'x.x' is known and matches the DSA host key.
    debug1: Found key in /root/.ssh/known_hosts:8
    debug1: bits set: 1602/3191
    debug1: ssh_dss_verify: signature incorrect (Notice dss here)
    key_verify failed for server_host_key
    debug1: Calling cleanup 0x804c158(0x0)

    (Openssh release 3.8p1)
    OpenSSH_3.8p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7c-p1 30 Sep 2003

    debug1: Host 'daren.ca' is known and matches the RSA host key.
    debug1: Found key in /root/.ssh/known_hosts:9
    debug1: ssh_rsa_verify: signature correct (Notice rsa here)
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue:
    publickey,password,keyboard-interactive
    debug1: Next authentication method: keyboard-interactive
    Password:

    _______________________________________________
    freebsd-stable@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-stable
    To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"

  • Next message: Dave Tweten: "Re: SSH issues with 4.9 stable (key_verify failed for server_host_key)"

    Relevant Pages

    • Re: Kerberos, external-keyx authentication, Mac OS X
      ... OpenSSH has been configured with the following options: ... PAM support: no ... debug1: Connecting to server.gov port 22. ... If you use Kerberos in the ...
      (comp.security.ssh)
    • PubKey Auth from F-Secure to OpenSSH - not working
      ... I have PubKey Auth working fine from OpenSSH to F-Secure. ... debug1: kex_derive_keys ... userauth-request for user perfboy service ssh-connection ... Failed none for perfboy from <remote srv IP> port 33865 ssh2 ...
      (comp.security.ssh)
    • error:key_read, hostname failed
      ... and I have openssh 3.4.1 on the server. ... Can you think of any reason why ssh would work and sftp/scp wouldn't? ... debug1: Rhosts Authentication disabled, ... Host ''hostname' is known and matches the RSA1 host key. ...
      (comp.security.ssh)
    • Re: OpenSSH Password Authencation with SSH2 server
      ... > OpenSSH Password Authencation works with another OpenSSH server after: ... > For OpenSSH Password Authencation with a SSH2 server I did the following: ... > debug1: Connection established. ...
      (comp.security.ssh)
    • OpenSSH 3.4p1 on FreeBSD and pam-opie module
      ... OpenSSH 3.4 is having quite a few problems with authentication. ... debug3: Trying to reverse map address 192.168.0.3. ... debug1: userauth-request for user astjean service ssh-connection method ... debug2: input_userauth_request: setting up authctxt for astjean ...
      (comp.security.ssh)