Re: PuTTY failing "Server's host key did not match the signature supplied" suddenly
- From: Raymond <rpau88@xxxxxxxxx>
- Date: Mon, 10 Mar 2008 20:10:53 -0700 (PDT)
On Mar 11, 9:44 am, comph...@xxxxxxxxx (Todd H.) wrote:
Raymond <rpa...@xxxxxxxxx> writes:
Ok, this is what I get:
# ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
2048 4b:22:b7:31:73:66:64:07:c5:2d:51:3e:69:82:9e:53 /etc/ssh/
ssh_host_rsa_key.pub
# ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub
1024 fb:23:96:4f:96:fa:ca:3a:d1:a2:d3:69:96:a0:7c:1e /etc/ssh/
ssh_host_dsa_key.pub
Don't need to be root to do these typically, fwiw. What machine did
you run this on?
On the server console itself.
On the same server itself too. I had replaced the actual domain nameswitch to a normal user:
$ ssh mydomainname.com
The authenticity of host 'mydomainname.com (00.000.000.000)' can't be
established.
RSA key fingerprint is 4b:22:b7:31:73:66:64:07:c5:2d:51:3e:69:82:9e:
53.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'mydomainname.com,00.000.000.000' (RSA) to
the list of known hosts.
hash mismatch
key_verify failed for server_host_key
Okay. Redo that with the -v switch and post here. -v is for
verbose and will tell you far more detail as to where exactly it's
failing.
And where was this done from?
and IP Address with the dummy "mydomainname.com" for privacy.
This is what I get with the -v flag:
$ ssh -v localhost
OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /home/xxxx/.ssh/identity type -1
debug1: identity file /home/xxxx/.ssh/id_rsa type 1
debug1: identity file /home/xxxx/.ssh/id_dsa type -1
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version
OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /home/xxxx/.ssh/known_hosts:2
hash mismatch
debug1: ssh_rsa_verify: signature incorrect
key_verify failed for server_host_key
$ ssh -v localhost
OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
debug1: identity file /home/xxxx/.ssh/identity type -1
debug1: identity file /home/xxxx/.ssh/id_rsa type 1
debug1: identity file /home/xxxx/.ssh/id_dsa type -1
debug1: loaded 3 keys
debug1: Remote protocol version 2.0, remote software version
OpenSSH_4.3
debug1: match: OpenSSH_4.3 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'localhost' is known and matches the RSA host key.
debug1: Found key in /home/xxxx/.ssh/known_hosts:2
RSA_public_decrypt failed: error:0407006A:rsa
routines:RSA_padding_check_PKCS1_type_1:block type is not 01
debug1: ssh_rsa_verify: signature incorrect
key_verify failed for server_host_key
I had replace the actual username with "xxxx" for privacy.
$ ssh localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
RSA key fingerprint is 4b:22:b7:31:73:66:64:07:c5:2d:51:3e:69:82:9e:
53.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known
hosts.
hash mismatch
key_verify failed for server_host_key
Was this done from the perspective of your domain?
The strange thing is, if I tried hard enough, retrying the connection
repeatedly, it will sometimes get connected.
Both openssh client and PuTTY exhibit the same problem. I would think
that the problem lies with openssh server then.
Any load balancing going on that you might not be aware of?
Nope. No load balancing, only 1 server.
.
How do I troubleshoot this kind of problem? Any logs that I can
watch?
/var/log/messages perhaps, depending on the logging level
Wherever /etc/syslog.conf points all stuff to.
--
Todd H.http://www.toddh.net/
- Follow-Ups:
- References:
- PuTTY failing "Server's host key did not match the signature supplied" suddenly
- From: Raymond
- Re: PuTTY failing "Server's host key did not match the signature supplied" suddenly
- From: Todd H.
- Re: PuTTY failing "Server's host key did not match the signature supplied" suddenly
- From: Raymond
- Re: PuTTY failing "Server's host key did not match the signature supplied" suddenly
- From: Todd H.
- PuTTY failing "Server's host key did not match the signature supplied" suddenly
- Prev by Date: Re: PuTTY failing "Server's host key did not match the signature supplied" suddenly
- Next by Date: Re: PuTTY failing "Server's host key did not match the signature supplied" suddenly
- Previous by thread: Re: PuTTY failing "Server's host key did not match the signature supplied" suddenly
- Next by thread: Re: PuTTY failing "Server's host key did not match the signature supplied" suddenly
- Index(es):
Relevant Pages
|
