Re: Host key verification failed

• Previous message: Andrew Afliatunov: "Can't login"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 3 Dec 2004 12:33:41 -0200 (BRDT)
To: "Radu Oprisan" <radu@matco.ro>

> Robert Moss wrote:
>
>>Hi,
>> The SSH key you are using looks to be in the wrong format. In your
>>debug output, there are a few lines:
>>
>>
>>debug3: Not a RSA1 key file /root/.ssh/id_rsa.
>>debug2: key_type_from_name: unknown key type '-----BEGIN'
>>debug3: key_read: missing keytype
>>debug3: key_read: missing whitespace
>>debug3: key_read: missing whitespace
>>debug3: key_read: missing whitespace
>>debug3: key_read: missing whitespace
>>debug3: key_read: missing whitespace
>>debug3: key_read: missing whitespace
>>debug3: key_read: missing whitespace
>>debug3: key_read: missing whitespace
>>debug3: key_read: missing whitespace
>debug3: key_read: missing
>> whitespace
>>debug3: key_read: missing whitespace
>>debug3: key_read: missing whitespace
>>debug3: key_read: missing whitespace
>>debug2: key_type_from_name: unknown key type '-----END'
>>debug3: key_read: missing keytype
>>
>>
>>The key probably looks something like this:
>>
>>
>>---- BEGIN SSH2 PUBLIC KEY ----
>>Comment: "1024-bit RSA, converted from OpenSSH by root@testbox"
>>AAAAB3NzaC1yc2EAAAABIwAAAIEAtegffmpCN/68ePgVbfjtXXwSKKiNyIKH1TnwG1C75U
>>yIEVSmxJr5wDh4iRcasdff394ZnCds3sHFV6uVILH+8t8q7MzA92BPG+jUMtawAG/i8FoU+
>>iyNLB9mn1CORGYBJRrabyUW3JT5t5fefH55hUr+isMH7zr90cHq0hPa9CE=
>>---- END SSH2 PUBLIC KEY ----
>>
>>
>>The key is most likely in 'SECSH Public Key File Format' format. You
>>need to convert it to the OpenSSH key format, similar to below:
>>
>>ssh-rsa
>>AAAAB3NzaC1yc2EAAAABIwAAAIEAtesutmpCN/68fPgVbfjtXXwSKKiNyIKH1TnwG1C75UyI
>>EVSmxJr5wDh4iRcdwpKE94ZnCds3sHFV6uVILH+8t8q7MzA92BPG+jUMtawAG/i8FoU+iyNL
>>ymlCORggBJRbarUW3JT5t5OW4+H55hUr+isMH7zr90cHq0hPa9CE= root@testbox
>>
>>
>>You can use the ssh-keygen program to convert from the above format to
>>the OpenSSH format.
>>
>>ssh-keygen -f <path to ssh key> -i
>>
>>You will need to do that for both the public and private keys.
>>
>>Hope this helps,
>>Robert Moss.
>>
>>
>>-----Original Message-----
>>From: wilis@dcc.ufmg.br [mailto:wilis@dcc.ufmg.br]
>>Sent: 18 November 2004 12:47
>>To: secureshell@securityfocus.com
>>Subject: Host key verification failed
>>
>>Hi,
>>
>> I'm using ssh client in a Slackware distribution Linux and trying to
>>connect to ssh server on mica.dcc.ufmg.br. But I can't connect to it and
>>can't connect to any other server.
>>
>>root@status:/var/tmp# ssh -version
>>OpenSSH_3.9p1, OpenSSL 0.9.7d 17 Mar 2004
>>
>> I need help. Thanks !
>>
>> This is the debug messages:
>>
>>root@status:/var/tmp# ssh mica.dcc.ufmg.br -l root -vvv OpenSSH_3.9p1,
>>OpenSSL 0.9.7d 17 Mar 2004
>>debug1: Reading configuration data /usr/local/etc/ssh_config
>>debug2: ssh_connect: needpriv 0
>>debug1: Connecting to mica.dcc.ufmg.br [150.164.0.134] port 22.
>>debug1: Connection established.
>>debug1: permanently_set_uid: 0/0
>>debug1: identity file /root/.ssh/identity type -1
>>debug3: Not a RSA1 key file /root/.ssh/id_rsa.
>>debug2: key_type_from_name: unknown key type '-----BEGIN'
>>debug3: key_read: missing keytype
>>debug3: key_read: missing whitespace
>>debug3: key_read: missing whitespace
>>debug3: key_read: missing whitespace
>>debug3: key_read: missing whitespace
>>debug3: key_read: missing whitespace
>>debug3: key_read: missing whitespace
>>debug3: key_read: missing whitespace
>>debug3: key_read: missing whitespace
>>debug3: key_read: missing whitespace
>>debug3: key_read: missing whitespace
>>debug3: key_read: missing whitespace
>>debug3: key_read: missing whitespace
>>debug3: key_read: missing whitespace
>>debug2: key_type_from_name: unknown key type '-----END'
>>debug3: key_read: missing keytype
>>debug1: identity file /root/.ssh/id_rsa type 1
>>debug1: identity file /root/.ssh/id_dsa type -1
>>debug1: Remote protocol version 2.0, remote software version
>>OpenSSH_3.7.1p2
>>debug1: match: OpenSSH_3.7.1p2 pat OpenSSH*
>>debug1: Enabling compatibility mode for protocol 2.0
>>debug1: Local version string SSH-2.0-OpenSSH_3.9p1
>>debug2: fd 3 setting O_NONBLOCK
>>debug1: SSH2_MSG_KEXINIT sent
>>debug1: SSH2_MSG_KEXINIT received
>>debug2: kex_parse_kexinit:
>>diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-he
>>llman-group1-sha1
>>debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>>debug2: kex_parse_kexinit:
>>aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-c
>>bc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
>>debug2: kex_parse_kexinit:
>>aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-c
>>bc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
>>debug2: kex_parse_kexinit:
>>hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-9
>>6,hmac-md5-96
>>debug2: kex_parse_kexinit:
>>hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-9
>>6,hmac-md5-96
>>debug2: kex_parse_kexinit: none,zlib
>>debug2: kex_parse_kexinit: none,zlib
>>debug2: kex_parse_kexinit:
>>debug2: kex_parse_kexinit:
>>debug2: kex_parse_kexinit: first_kex_follows 0
>>debug2: kex_parse_kexinit: reserved 0
>>debug2: kex_parse_kexinit:
>>diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
>>debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>>debug2: kex_parse_kexinit:
>>aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-c
>>bc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
>>debug2: kex_parse_kexinit:
>>aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-c
>>bc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
>>debug2: kex_parse_kexinit:
>>hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-9
>>6,hmac-md5-96
>>debug2: kex_parse_kexinit:
>>hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-9
>>6,hmac-md5-96
>>debug2: kex_parse_kexinit: none,zlib
>>debug2: kex_parse_kexinit: none,zlib
>>debug2: kex_parse_kexinit:
>>debug2: kex_parse_kexinit:
>>debug2: kex_parse_kexinit: first_kex_follows 0
>>debug2: kex_parse_kexinit: reserved 0
>>debug2: mac_init: found hmac-md5
>>debug1: kex: server->client aes128-cbc hmac-md5 none
>>debug2: mac_init: found hmac-md5
>>debug1: kex: client->server aes128-cbc hmac-md5 none
>>debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
>>debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
>>debug2: dh_gen_key: priv key bits set: 136/256
>>debug2: bits set: 525/1024
>>debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
>>debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
>>debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
>>debug3: check_host_in_hostfile: filename /usr/local/etc/ssh_known_hosts
>>debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
>>debug3: check_host_in_hostfile: filename /usr/local/etc/ssh_known_hosts
>>debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
>>debug3: check_host_in_hostfile: filename /usr/local/etc/ssh_known_hosts
>>debug2: no key of type 0 for host mica.dcc.ufmg.br
>>debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts2
>>debug3: check_host_in_hostfile: filename /usr/local/etc/ssh_known_hosts2
>>debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
>>debug3: check_host_in_hostfile: filename /usr/local/etc/ssh_known_hosts
>>debug2: no key of type 2 for host mica.dcc.ufmg.br Host key verification
>>failed.
>>
>>
>>
>>
>>
> The problem is in the /etc/udev/rules.d/udev.rules
> there is a configuration problem in udev:
>
> # pty devices
> KERNEL="pty[p-za-e][0-9a-f]*", NAME="pty/m%n", SYMLINK="%k"
> #KERNEL="tty[p-za-e][0-9a-f]*", NAME="tty/s%n", SYMLINK="%k"
> KERNEL="tty[p-za-e][0-9a-f]*", NAME="pty/s%n", SYMLINK="%k"
>
> The comented line gets replaced with the line beneath it and it all gets
> better :).
>
>

Hi Radu,

 Yes, that was the problem. Now itīs ok.
 But how do you know it? What does that line in udev.rules mean ?

Thanks,
Charles

• Previous message: Andrew Afliatunov: "Can't login"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]