Date:      Mon, 24 Feb 2003 09:42:42 -0500
From:      "John Straiton" <jsmailing@clickcom.com>
To:        "'Matthew Seaman'" <m.seaman@infracaninophile.co.uk>, <freebsd-questions@FreeBSD.ORG>
Subject:   RE: Changes in sshd?
Message-ID:  <004201c2dc12$ffaf8450$1916c60a@win2k.clickcom.com>
In-Reply-To: <20030224113248.GB22678@happy-idiot-talk.infracaninophi>

Thanks for all the info! Regrettably, I'm still having problems...

> My guess is that when you did your re-install you didn't 
> backup and restore the host keys for your machine.  That 
> means that all of the accounts on systems you've been 
> connecting to will have the old host keys in the 
> ${HOME}/.ssh/known_hosts files.  That leads the ssh servers 
> on those machines to believe that your newly installed 5.0 
> server is actually some sort of impostor, hence they refuse access.

The client was the only one reinstalled, the server was untouched until
I sent up a new "identity.pub". Because I did not restore any .ssh/
files, there is no known_hosts file.

I have confirmed this via:
#find / -name "known_hosts" -print

While being su'ed to root.

Now, this got me to thinking that maybe it wouldn't auto-connect 'cause
there was no known_hosts file... So I removed the authorized_keys from
the server and tried to connect in hopes to create the known_hosts file
but I still got the same error:

Host key verification failed.

The only known_hosts file that exists on the machine is in
/root/.ssh/known_hosts which does not have a problem connecting. So I
figured rather than properly diagnose this, I'd make it work again since
I'm starting to run against time constraints...too bad it didn't work:

# cp /root/.ssh/known_hosts /home/myuser/.ssh/
# su myuser
%ssh xxx.xxx.xx.xx
Permission denied, please try again.
Permission denied, please try again.
Received disconnect from xxx.xxx.xx.xx: 2: Too many authentication
failures for myuser
%ssh -1 xxx.xxx.xx.xx
WARNING: DSA key found for host 209.198.22.23 in
/home/myuser/.ssh/known_hosts:1
DSA key fingerprint 8a:58:15:a5:9b:1c:1a:65:1f:0c:4d:b9:03:d2:f7:8b.
Host key verification failed.
%

> RSA1 key type and hence the SSHv1 protocol.  If you can, you 
> would be well advised to switch to SSHv2 which is rather more 
> secure, and supported pretty much everywhere now.  

Thanks, after seeing this being an option now, I had planned on
migrating to this, but I figured I'd get rsa1 to work again first.
Unfortunately, until I can ssh to the machine at all, I can't get either
mechanism to work I fear. I have tried using the dsa key but it doesn't
work either.

More ideas?
John
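
The `ssh -1` transcript above warns about a DSA key on line 1 of known_hosts. As an added example (not part of the original message), this script classifies the known_hosts entries recorded for a host by protocol and key type: protocol 1 (RSA1) lines are `host bits exponent modulus`, protocol 2 lines are `host keytype base64`. The function names `kh_types` and `kh_has_proto` are hypothetical, the sample entries are constructed, and matching is by exact host name only.

```shell
#!/bin/sh
# Added example: classify known_hosts entries for one host.
# kh_types FILE HOST -> prints "LINE PROTO TYPE" for each entry naming HOST.
# Assumption: exact name match only (no wildcard or hashed-name matching).
kh_types() {
    awk -v host="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
        {
            f = 1
            if ($1 ~ /^@/) f = 2                 # step over an @cert-authority/@revoked marker
            n = split($f, names, ",")            # host field is a comma-separated list
            hit = 0
            for (i = 1; i <= n; i++) if (names[i] == host) hit = 1
            if (!hit) next
            if ($(f + 1) ~ /^[0-9]+$/)           # numeric "bits" field: protocol 1 (RSA1)
                print NR, 1, "rsa1"
            else                                 # key type name: protocol 2
                print NR, 2, $(f + 1)
        }' "$1"
}

# kh_has_proto FILE HOST PROTO -> exit status 0 if an entry for PROTO exists.
kh_has_proto() {
    kh_types "$1" "$2" | awk -v p="$3" '$2 == p { found = 1 } END { exit !found }'
}

# Constructed sample: documentation address, dummy key material.
sample=$(mktemp)
cat > "$sample" <<'EOF'
192.0.2.10 ssh-dss AAAAB3NzaC1kc3MAAACBAKconstructed
EOF
kh_types "$sample" 192.0.2.10
kh_has_proto "$sample" 192.0.2.10 1 || echo "no protocol 1 (RSA1) entry for 192.0.2.10"
rm -f "$sample"
```

A file that holds only a protocol 2 entry for a host reports no protocol 1 entry, so a protocol 1 connection has no recorded key of the type it looks up.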


