From: Daren Desjardins
To: freebsd-stable@freebsd.org
Subject: SSH issues with 4.9 stable (key_verify failed for server_host_key)
Date: Tue, 30 Mar 2004 14:23:40 -0500
Message-Id: <1080674620.72899.3.camel@lithium.stabilia.com>

I upgraded to 4.9 stable from 4.9 release and now have difficulty connecting via ssh to hosts.

The error I get is:

key_verify failed for server_host_key

If I modify the sshd_config for the server I am connecting to and change to the following, it works:

Protocol 2
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key

ssh verbose dump:

[daren@lithium daren]$ssh -v puff
OpenSSH_3.8p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7c-p1 30 Sep 2003
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to puff [x.x.x.x] port 22.
debug1: Connection established.
debug1: identity file /home/daren/.ssh/identity type -1
debug1: identity file /home/daren/.ssh/id_rsa type 1
debug1: identity file /home/daren/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.5p1 FreeBSD-20030924
debug1: match: OpenSSH_3.5p1 FreeBSD-20030924 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'puff' is known and matches the DSA host key.
debug1: Found key in /home/daren/.ssh/known_hosts:8
debug1: ssh_dss_verify: signature incorrect
key_verify failed for server_host_key
[daren@lithium daren]$

I did try removing the known_hosts entry, but it had no effect:

[daren@lithium .ssh]$mv known_hosts known_hosts.bak
[daren@lithium .ssh]$ssh -v puff
OpenSSH_3.8p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7c-p1 30 Sep 2003
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to puff [x.x.x.x] port 22.
debug1: Connection established.
debug1: identity file /home/daren/.ssh/identity type -1
debug1: identity file /home/daren/.ssh/id_rsa type 1
debug1: identity file /home/daren/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.5p1 FreeBSD-20030924
debug1: match: OpenSSH_3.5p1 FreeBSD-20030924 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
The authenticity of host 'puff (x.x.x.x)' can't be established.
DSA key fingerprint is f0:b5:90:fd:92:0d:4a:b6:87:13:45:63:72:a1:49:aa.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'puff,x.x.x.x' (DSA) to the list of known hosts.
debug1: ssh_dss_verify: signature incorrect
key_verify failed for server_host_key
[daren@lithium .ssh]$