Re: ssh issue after security upgrade




I completely removed the known_hosts files to make sure it wasn't. After reinstalling the openssh_client
and about 3 reboots though it started working.



Hari Sekhon wrote:
Robert L. Harris wrote:




I just upgraded SSH on two hosts due to the security vulnerability. The
remote machine is Debian Woody running openssh-client 4.3p2-9, server is
the same level. One of the two local machines is ubuntu gutsy running
1:4.6p1-5ubuntu0.5 for both client and server. The other local machine
is debian sarge running: 3.8.1p1-8.sarg.


When i ssh from the remote machine to local I get:

debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /home/robert/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: filename /home/robert/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: filename /home/robert/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug2: no key of type 0 for host harvard
debug3: check_host_in_hostfile: filename /home/robert/.ssh/known_hosts2
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts2
debug3: check_host_in_hostfile: filename /home/robert/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug2: no key of type 2 for host harvard
Host key verification failed.


~ I get the same message no matter which local machine I'm sshing to. I
have a debian lenny box with which can connect successfully to both
local hosts. I have removed /home/robert/.ssh/known_hosts on the
remote machine and I still get that entry.

~ Anyone have any ideas?


Read around the upgrade. Due to a potential vulnerability in the generated keys they are re-created new when you upgrade ssh. Check the new key is the right one and then accept it.

-h


--
:wq
-----------------------------------------------------------------------------
Robert L. Harris
Manager, Application Systems
Corona Solutions
(720) 685-9550
http://www.coronasolutions.com