From owner-freebsd-stable@FreeBSD.ORG Wed Mar 31 11:50:31 2004 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B023616A4CE for ; Wed, 31 Mar 2004 11:50:31 -0800 (PST) Received: from fep04-mail.bloor.is.net.cable.rogers.com (fep04-mail.bloor.is.net.cable.rogers.com [66.185.86.74]) by mx1.FreeBSD.org (Postfix) with ESMTP id E579943D41 for ; Wed, 31 Mar 2004 11:50:30 -0800 (PST) (envelope-from desjardins@canada.com) Received: from gateway.lan.daren.ca ([65.49.123.132]) by fep04-mail.bloor.is.net.cable.rogers.comESMTP <20040331194938.BQRX163224.fep04-mail.bloor.is.net.cable.rogers.com@gateway.lan.daren.ca> for ; Wed, 31 Mar 2004 14:49:38 -0500 Received: from [216.130.212.41] (account daren@daren.ca HELO [216.130.212.41]) by gateway.lan.daren.ca (CommuniGate Pro SMTP 4.1.8) with ESMTP id 220786 for freebsd-stable@freebsd.org; Wed, 31 Mar 2004 14:50:29 -0500 From: Daren Desjardins To: freebsd-stable@freebsd.org In-Reply-To: <1080746795.43045.1.camel@lithium.stabilia.com> References: <1080674620.72899.3.camel@lithium.stabilia.com> <1080746795.43045.1.camel@lithium.stabilia.com> Content-Type: text/plain Message-Id: <1080762634.43045.26.camel@lithium.stabilia.com> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.4.6 Date: Wed, 31 Mar 2004 14:50:34 -0500 Content-Transfer-Encoding: 7bit X-Authentication-Info: Submitted using SMTP AUTH LOGIN at fep04-mail.bloor.is.net.cable.rogers.com from [65.49.123.132] using ID at Wed, 31 Mar 2004 14:49:38 -0500 Subject: Re: SSH issues with 4.9 stable (key_verify failed for server_host_key) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 31 Mar 2004 19:50:31 -0000 Sigh... Thought I had it figured out but it wasnt. A friend also did an 4.9 release to 4.9stable upgrade and ran into the exact same problem. I spent time comparing the ssh -v output for the ssh(3.5) that is in the base, with the openssh(3.6) in the packages, and the newest ssh from openssh (3.8). The main thing I noticed is that the openssh in the base is the only one not working. Further, the OpenSSL version reported differs and that the base system seems to force a DSA host key authentication, whereas the port and openssh release use RSA (As seen in the included dumps). The machine is using a default(empty) ssh_config and sshd_config. I went through pretty much every google(web/groups) article I could find with no success. Even the ones that suggested turning off compiler optimizations... (Base ssh) OpenSSH_3.5p1 FreeBSD-20030924, SSH protocols 1.5/2.0, OpenSSL 0x0090703f debug1: Host 'x.x' is known and matches the DSA host key. debug1: Found key in /root/.ssh/known_hosts:8 debug1: bits set: 1602/3191 debug1: ssh_dss_verify: signature incorrect (Notice dss here) key_verify failed for server_host_key debug1: Calling cleanup 0x804c158(0x0) (Openssh release 3.8p1) OpenSSH_3.8p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7c-p1 30 Sep 2003 debug1: Host 'daren.ca' is known and matches the RSA host key. debug1: Found key in /root/.ssh/known_hosts:9 debug1: ssh_rsa_verify: signature correct (Notice rsa here) debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Next authentication method: keyboard-interactive Password: