Re: Host key verification failed

wilis_at_dcc.ufmg.br
Date: 12/03/04

    Date: Fri, 3 Dec 2004 12:33:41 -0200 (BRDT)
    To: "Radu Oprisan" <radu@matco.ro>
    
    

    > Robert Moss wrote:
    >
    >>Hi,
    >> The SSH key you are using looks to be in the wrong format. In your
    >>debug output, there are a few lines:
    >>
    >>
    >>debug3: Not a RSA1 key file /root/.ssh/id_rsa.
    >>debug2: key_type_from_name: unknown key type '-----BEGIN'
    >>debug3: key_read: missing keytype
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug2: key_type_from_name: unknown key type '-----END'
    >>debug3: key_read: missing keytype
    >>
    >>
    >>The key probably looks something like this:
    >>
    >>
    >>---- BEGIN SSH2 PUBLIC KEY ----
    >>Comment: "1024-bit RSA, converted from OpenSSH by root@testbox"
    >>AAAAB3NzaC1yc2EAAAABIwAAAIEAtegffmpCN/68ePgVbfjtXXwSKKiNyIKH1TnwG1C75U
    >>yIEVSmxJr5wDh4iRcasdff394ZnCds3sHFV6uVILH+8t8q7MzA92BPG+jUMtawAG/i8FoU+
    >>iyNLB9mn1CORGYBJRrabyUW3JT5t5fefH55hUr+isMH7zr90cHq0hPa9CE=
    >>---- END SSH2 PUBLIC KEY ----
    >>
    >>
    >>The key is most likely in 'SECSH Public Key File Format' format. You
    >>need to convert it to the OpenSSH key format, similar to below:
    >>
    >>ssh-rsa
    >>AAAAB3NzaC1yc2EAAAABIwAAAIEAtesutmpCN/68fPgVbfjtXXwSKKiNyIKH1TnwG1C75UyI
    >>EVSmxJr5wDh4iRcdwpKE94ZnCds3sHFV6uVILH+8t8q7MzA92BPG+jUMtawAG/i8FoU+iyNL
    >>ymlCORggBJRbarUW3JT5t5OW4+H55hUr+isMH7zr90cHq0hPa9CE= root@testbox
    >>
    >>
    >>You can use the ssh-keygen program to convert from the above format to
    >>the OpenSSH format.
    >>
    >>ssh-keygen -f <path to ssh key> -i
    >>
    >>You will need to do that for both the public and private keys.
    >>
    >>Hope this helps,
    >>Robert Moss.
    >>
    >>
    >>-----Original Message-----
    >>From: wilis@dcc.ufmg.br [mailto:wilis@dcc.ufmg.br]
    >>Sent: 18 November 2004 12:47
    >>To: secureshell@securityfocus.com
    >>Subject: Host key verification failed
    >>
    >>Hi,
    >>
    >> I'm using the ssh client on a Slackware Linux distribution and trying to
    >>connect to the ssh server on mica.dcc.ufmg.br. But I can't connect to it and
    >>can't connect to any other server.
    >>
    >>root@status:/var/tmp# ssh -version
    >>OpenSSH_3.9p1, OpenSSL 0.9.7d 17 Mar 2004
    >>
    >> I need help. Thanks !
    >>
    >> These are the debug messages:
    >>
    >>root@status:/var/tmp# ssh mica.dcc.ufmg.br -l root -vvv
    >>OpenSSH_3.9p1, OpenSSL 0.9.7d 17 Mar 2004
    >>debug1: Reading configuration data /usr/local/etc/ssh_config
    >>debug2: ssh_connect: needpriv 0
    >>debug1: Connecting to mica.dcc.ufmg.br [150.164.0.134] port 22.
    >>debug1: Connection established.
    >>debug1: permanently_set_uid: 0/0
    >>debug1: identity file /root/.ssh/identity type -1
    >>debug3: Not a RSA1 key file /root/.ssh/id_rsa.
    >>debug2: key_type_from_name: unknown key type '-----BEGIN'
    >>debug3: key_read: missing keytype
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug3: key_read: missing whitespace
    >>debug2: key_type_from_name: unknown key type '-----END'
    >>debug3: key_read: missing keytype
    >>debug1: identity file /root/.ssh/id_rsa type 1
    >>debug1: identity file /root/.ssh/id_dsa type -1
    >>debug1: Remote protocol version 2.0, remote software version
    >>OpenSSH_3.7.1p2
    >>debug1: match: OpenSSH_3.7.1p2 pat OpenSSH*
    >>debug1: Enabling compatibility mode for protocol 2.0
    >>debug1: Local version string SSH-2.0-OpenSSH_3.9p1
    >>debug2: fd 3 setting O_NONBLOCK
    >>debug1: SSH2_MSG_KEXINIT sent
    >>debug1: SSH2_MSG_KEXINIT received
    >>debug2: kex_parse_kexinit:
    >>diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-he
    >>llman-group1-sha1
    >>debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    >>debug2: kex_parse_kexinit:
    >>aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-c
    >>bc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
    >>debug2: kex_parse_kexinit:
    >>aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-c
    >>bc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
    >>debug2: kex_parse_kexinit:
    >>hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-9
    >>6,hmac-md5-96
    >>debug2: kex_parse_kexinit:
    >>hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-9
    >>6,hmac-md5-96
    >>debug2: kex_parse_kexinit: none,zlib
    >>debug2: kex_parse_kexinit: none,zlib
    >>debug2: kex_parse_kexinit:
    >>debug2: kex_parse_kexinit:
    >>debug2: kex_parse_kexinit: first_kex_follows 0
    >>debug2: kex_parse_kexinit: reserved 0
    >>debug2: kex_parse_kexinit:
    >>diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
    >>debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    >>debug2: kex_parse_kexinit:
    >>aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-c
    >>bc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
    >>debug2: kex_parse_kexinit:
    >>aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-c
    >>bc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
    >>debug2: kex_parse_kexinit:
    >>hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-9
    >>6,hmac-md5-96
    >>debug2: kex_parse_kexinit:
    >>hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-9
    >>6,hmac-md5-96
    >>debug2: kex_parse_kexinit: none,zlib
    >>debug2: kex_parse_kexinit: none,zlib
    >>debug2: kex_parse_kexinit:
    >>debug2: kex_parse_kexinit:
    >>debug2: kex_parse_kexinit: first_kex_follows 0
    >>debug2: kex_parse_kexinit: reserved 0
    >>debug2: mac_init: found hmac-md5
    >>debug1: kex: server->client aes128-cbc hmac-md5 none
    >>debug2: mac_init: found hmac-md5
    >>debug1: kex: client->server aes128-cbc hmac-md5 none
    >>debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    >>debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    >>debug2: dh_gen_key: priv key bits set: 136/256
    >>debug2: bits set: 525/1024
    >>debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    >>debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    >>debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
    >>debug3: check_host_in_hostfile: filename /usr/local/etc/ssh_known_hosts
    >>debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
    >>debug3: check_host_in_hostfile: filename /usr/local/etc/ssh_known_hosts
    >>debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
    >>debug3: check_host_in_hostfile: filename /usr/local/etc/ssh_known_hosts
    >>debug2: no key of type 0 for host mica.dcc.ufmg.br
    >>debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts2
    >>debug3: check_host_in_hostfile: filename /usr/local/etc/ssh_known_hosts2
    >>debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
    >>debug3: check_host_in_hostfile: filename /usr/local/etc/ssh_known_hosts
    >>debug2: no key of type 2 for host mica.dcc.ufmg.br
    >>Host key verification failed.
    >>
    >>
    >>
    >>
    >>
    > The problem is in the /etc/udev/rules.d/udev.rules
    > there is a configuration problem in udev:
    >
    > # pty devices
    > KERNEL="pty[p-za-e][0-9a-f]*", NAME="pty/m%n", SYMLINK="%k"
    > #KERNEL="tty[p-za-e][0-9a-f]*", NAME="tty/s%n", SYMLINK="%k"
    > KERNEL="tty[p-za-e][0-9a-f]*", NAME="pty/s%n", SYMLINK="%k"
    >
    > The commented line gets replaced with the line beneath it and it all gets
    > better :).
    >
    >

    Hi Radu,

     Yes, that was the problem. Now it's ok.
     But how do you know it? What does that line in udev.rules mean?

    Thanks,
    Charles

