Re: Host key verification failed

wilis_at_dcc.ufmg.br
Date: 12/03/04

  • Next message: Greg Norris: "Re: port forwarding"
    Date: Fri, 3 Dec 2004 12:33:41 -0200 (BRDT)
    To: "Radu Oprisan" <radu@matco.ro>
    
    

    > Robert Moss wrote:
    >
    >>Hi,
    >> The SSH key you are using looks to be in the wrong format. In your
    >>debug output, there are a few lines:
    >>
    >>
    >>debug3: Not a RSA1 key file /root/.ssh/id_rsa.
    >>debug2: key_type_from_name: unknown key type '-----BEGIN'
    >>debug3: key_read: missing keytype
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug2: key_type_from_name: unknown key type '-----END'
    >>debug3: key_read: missing keytype
    >>
    >>
    >>The key probably looks something like this:
    >>
    >>
    >>---- BEGIN SSH2 PUBLIC KEY ----
    >>Comment: "1024-bit RSA, converted from OpenSSH by root@testbox"
    >>AAAAB3NzaC1yc2EAAAABIwAAAIEAtegffmpCN/68ePgVbfjtXXwSKKiNyIKH1TnwG1C75U
    >>yIEVSmxJr5wDh4iRcasdff394ZnCds3sHFV6uVILH+8t8q7MzA92BPG+jUMtawAG/i8FoU+
    >>iyNLB9mn1CORGYBJRrabyUW3JT5t5fefH55hUr+isMH7zr90cHq0hPa9CE=
    >>---- END SSH2 PUBLIC KEY ----
    >>
    >>
    >>The key is most likely in 'SECSH Public Key File Format' format. You
    >>need to convert it to the OpenSSH key format, similar to below:
    >>
    >>ssh-rsa
    >>AAAAB3NzaC1yc2EAAAABIwAAAIEAtesutmpCN/68fPgVbfjtXXwSKKiNyIKH1TnwG1C75UyI
    >>EVSmxJr5wDh4iRcdwpKE94ZnCds3sHFV6uVILH+8t8q7MzA92BPG+jUMtawAG/i8FoU+iyNL
    >>ymlCORggBJRbarUW3JT5t5OW4+H55hUr+isMH7zr90cHq0hPa9CE= root@testbox
    >>
    >>
    >>You can use the ssh-keygen program to convert from the above format to
    >>the OpenSSH format.
    >>
    >>ssh-keygen -f <path to ssh key> -i
    >>
    >>You will need to do that for both the public and private keys.
    >>
    >>Hope this helps,
    >>Robert Moss.
    >>
    >>
    >>-----Original Message-----
    >>From: wilis@dcc.ufmg.br [mailto:wilis@dcc.ufmg.br]
    >>Sent: 18 November 2004 12:47
    >>To: secureshell@securityfocus.com
    >>Subject: Host key verification failed
    >>
    >>Hi,
    >>
    >> I'm using the ssh client on a Slackware Linux distribution and trying to
    >>connect to the ssh server on mica.dcc.ufmg.br. But I can't connect to it and
    >>can't connect to any other server.
    >>
    >>root@status:/var/tmp# ssh -version
    >>OpenSSH_3.9p1, OpenSSL 0.9.7d 17 Mar 2004
    >>
    >> I need help. Thanks!
    >>
    >> These are the debug messages:
    >>
    >>root@status:/var/tmp# ssh mica.dcc.ufmg.br -l root -vvv
    >>OpenSSH_3.9p1, OpenSSL 0.9.7d 17 Mar 2004
    >>debug1: Reading configuration data /usr/local/etc/ssh_config
    >>debug2: ssh_connect: needpriv 0
    >>debug1: Connecting to mica.dcc.ufmg.br [150.164.0.134] port 22.
    >>debug1: Connection established.
    >>debug1: permanently_set_uid: 0/0
    >>debug1: identity file /root/.ssh/identity type -1
    >>debug3: Not a RSA1 key file /root/.ssh/id_rsa.
    >>debug2: key_type_from_name: unknown key type '-----BEGIN'
    >>debug3: key_read: missing keytype
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug2: key_type_from_name: unknown key type '-----END'
    >>debug3: key_read: missing keytype
    >>debug1: identity file /root/.ssh/id_rsa type 1
    >>debug1: identity file /root/.ssh/id_dsa type -1
    >>debug1: Remote protocol version 2.0, remote software version
    >>OpenSSH_3.7.1p2
    >>debug1: match: OpenSSH_3.7.1p2 pat OpenSSH*
    >>debug1: Enabling compatibility mode for protocol 2.0
    >>debug1: Local version string SSH-2.0-OpenSSH_3.9p1
    >>debug2: fd 3 setting O_NONBLOCK
    >>debug1: SSH2_MSG_KEXINIT sent
    >>debug1: SSH2_MSG_KEXINIT received
    >>debug2: kex_parse_kexinit:
    >>diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-he
    >>llman-group1-sha1
    >>debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    >>debug2: kex_parse_kexinit:
    >>aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-c
    >>bc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
    >>debug2: kex_parse_kexinit:
    >>aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-c
    >>bc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
    >>debug2: kex_parse_kexinit:
    >>hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-9
    >>6,hmac-md5-96
    >>debug2: kex_parse_kexinit:
    >>hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-9
    >>6,hmac-md5-96
    >>debug2: kex_parse_kexinit: none,zlib
    >>debug2: kex_parse_kexinit: none,zlib
    >>debug2: kex_parse_kexinit:
    >>debug2: kex_parse_kexinit:
    >>debug2: kex_parse_kexinit: first_kex_follows 0
    >>debug2: kex_parse_kexinit: reserved 0
    >>debug2: kex_parse_kexinit:
    >>diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
    >>debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    >>debug2: kex_parse_kexinit:
    >>aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-c
    >>bc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
    >>debug2: kex_parse_kexinit:
    >>aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-c
    >>bc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
    >>debug2: kex_parse_kexinit:
    >>hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-9
    >>6,hmac-md5-96
    >>debug2: kex_parse_kexinit:
    >>hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-9
    >>6,hmac-md5-96
    >>debug2: kex_parse_kexinit: none,zlib
    >>debug2: kex_parse_kexinit: none,zlib
    >>debug2: kex_parse_kexinit:
    >>debug2: kex_parse_kexinit:
    >>debug2: kex_parse_kexinit: first_kex_follows 0
    >>debug2: kex_parse_kexinit: reserved 0
    >>debug2: mac_init: found hmac-md5
    >>debug1: kex: server->client aes128-cbc hmac-md5 none
    >>debug2: mac_init: found hmac-md5
    >>debug1: kex: client->server aes128-cbc hmac-md5 none
    >>debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    >>debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    >>debug2: dh_gen_key: priv key bits set: 136/256
    >>debug2: bits set: 525/1024
    >>debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    >>debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    >>debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
    >>debug3: check_host_in_hostfile: filename /usr/local/etc/ssh_known_hosts
    >>debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
    >>debug3: check_host_in_hostfile: filename /usr/local/etc/ssh_known_hosts
    >>debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
    >>debug3: check_host_in_hostfile: filename /usr/local/etc/ssh_known_hosts
    >>debug2: no key of type 0 for host mica.dcc.ufmg.br
    >>debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts2
    >>debug3: check_host_in_hostfile: filename /usr/local/etc/ssh_known_hosts2
    >>debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
    >>debug3: check_host_in_hostfile: filename /usr/local/etc/ssh_known_hosts
    >>debug2: no key of type 2 for host mica.dcc.ufmg.br
    >>Host key verification failed.
    >>
    >>
    >>
    >>
    >>
    > The problem is in the /etc/udev/rules.d/udev.rules
    > there is a configuration problem in udev:
    >
    > # pty devices
    > KERNEL="pty[p-za-e][0-9a-f]*", NAME="pty/m%n", SYMLINK="%k"
    > #KERNEL="tty[p-za-e][0-9a-f]*", NAME="tty/s%n", SYMLINK="%k"
    > KERNEL="tty[p-za-e][0-9a-f]*", NAME="pty/s%n", SYMLINK="%k"
    >
    > The commented line gets replaced with the line beneath it and it all gets
    > better :).
    >
    >

    Hi Radu,

     Yes, that was the problem. Now it's ok.
     But how do you know it? What does that line in udev.rules mean?

    Thanks,
    Charles
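
Added example, not part of the original thread: a Python sketch of the SECSH-to-OpenSSH public key conversion that Robert's quoted reply describes and that `ssh-keygen -i` performs. The function names and the toy key are constructed for illustration and are not taken from OpenSSH.

```python
import base64
import struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def _ssh_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data  # 4-byte big-endian length prefix

def blob_key_type(blob: bytes) -> str:
    """Return the key type named in the first length-prefixed field of a key blob."""
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if n == 0 or 4 + n > len(blob):
        raise ValueError("bad key-type length")
    return blob[4:4 + n].decode("ascii")

def secsh_to_openssh(text: str) -> str:
    """Convert a SECSH public key file to the one-line OpenSSH form."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if not lines or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not a SECSH public key file")
    comment, body, i = "", [], 1
    while i < len(lines) - 1:
        line = lines[i]
        i += 1
        if ":" in line and not body:  # header line; base64 never contains ':'
            while line.endswith("\\") and i < len(lines) - 1:
                line = line[:-1] + lines[i]  # join a continued header line
                i += 1
            tag, _, value = line.partition(":")
            if tag.strip().lower() == "comment":
                comment = value.strip().strip('"')
        elif line:
            body.append(line)
    b64 = "".join(body)
    blob = base64.b64decode(b64, validate=True)  # rejects non-base64 debris
    return " ".join(p for p in (blob_key_type(blob), b64, comment) if p)

def make_sample() -> str:
    # Constructed toy key (e = 0x23, 17 arbitrary bytes for n); not a usable key.
    blob = _ssh_string(b"ssh-rsa") + _ssh_string(b"\x23") + _ssh_string(b"\x00" + bytes(range(0x81, 0x91)))
    b64 = base64.b64encode(blob).decode()
    wrapped = [b64[i:i + 32] for i in range(0, len(b64), 32)]  # force a multi-line body
    return "\n".join([BEGIN, 'Comment: "constructed sample key"', *wrapped, END])

if __name__ == "__main__":
    print(secsh_to_openssh(make_sample()))
```

A PEM private key (a file starting with `-----BEGIN`) is rejected with `ValueError`, since it is not in the SECSH public key format.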

