ssh host key verification failed on one of the clients only


I can't ssh from client "a" to server "b" (but I can from many other ssh clients on the same subnet as "a" - *nux machines)

servera>ssh -v -p port user@serverb

openssh_5.3p1 debian-3ubuntu5, openssl 0.9.8k 25 mar 2009
debug1: reading configuration data /etc/ssh/ssh_config
debug1: applying options *
debug1: connecting serverb [serverb] port port.
debug1: connection established.
debug1: identity file /home/user_a/.ssh/id_rsa type -1
debug1: identity file /home/user_a/.ssh/id_dsa type 2
debug1: checking blacklist file /usr/share/ssh/blacklist.dsa-1024
debug1: checking blacklist file /etc/ssh/blacklist.dsa-1024
debug1: remote protocol version 2.0, remote software version openssh_5.1p1 debian-5
debug1: match: openssh_5.1p1 debian-5 pat openssh*
debug1: enabling compatibility mode protocol 2.0
debug1: local version string ssh-2.0-openssh_5.3p1 debian-3ubuntu5
debug1: ssh2_msg_kexinit sent
debug1: ssh2_msg_kexinit received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: ssh2_msg_kex_dh_gex_request(1024<1024<8192) sent
debug1: expecting ssh2_msg_kex_dh_gex_group
debug1: ssh2_msg_kex_dh_gex_init sent
debug1: expecting ssh2_msg_kex_dh_gex_reply
debug1: checking without port identifier
host key verification failed.

I've checked the following points on the client - the server looks on point - :

  • user_a/.ssh directory permissions: 700 (see man ssh)
  • user_a/.ssh/known_hosts permissions: 644 (see man ssh)
  • user_a/.ssh/known_hosts: does not contain the serverb host public key
  • otherusers/.ssh/known_hosts: does not contain the serverb host public key

I've tried:

  • deleting known_hosts on server a: same error remains
  • emptying known_hosts on server a: same error
  • checking if host key names match the ssh server config: ok (hostkey /etc/ssh/ssh_host_rsa_key)
  • regenerating server b host keys (ssh-keygen -t dsa/rsa -f /etc/ssh/ssh_host_dsa/rsa_key): same error
  • ssh -p port me@localhost on serverb: works, as do other ssh clients

So I'm stuck! ssh specialists welcome.

Thanks in advance.

I don't understand what I did wrong with this particular server. It remains "strange" that destroying "known_hosts" on the client side did not produce the expected positive effect.

Anyway, please find hereafter what I did manually; quite ugly, but it works:
Note: this assumes full access to both machines (client, server).

Server side: regenerate 2 pairs of keys (rsa, dsa)

ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key

Client side:
generate a pair of dsa keys (private, public) for user "foo"

ssh-keygen -t dsa -f /home/foo/.ssh/my_client_key   

Add the new key to ssh-agent if it is running

ssh-add /home/foo/.ssh/my_client_key   

Add the content of the server's ssh_host_rsa_key.pub to the client's /home/foo/.ssh/known_hosts, after the ip/port:

[server_ip]:server_port copy/paste here server public rsa key (ctrl+shift+c/v)
[server_ip]:server_port copy/paste here server public dsa key (ctrl+shift+c/v)

Now server side:

Copy/paste the client public key /home/foo/.ssh/my_client_key.pub into /home/bar/.ssh/.authorized_keys in order to allow user "foo" to connect to the "bar" account:

Make sure of path consistency in /etc/ssh/sshd_config to be able to use the file .authorized_keys:

authorizedkeysfile      %h/.ssh/.authorized_keys   

restart ssh server

/etc/init.d/ssh restart   

Client: client "foo" can ssh to user "bar" on the server:

foo@client>$ ssh -p port bar@server_ip   

Note: in my case, both client and server are running locally within VMs. Do not use these settings in production, obviously.

Edit: reading a bit more of the man ssh pages, it should be possible to get around this in a proper manner; ref man: "The StrictHostKeyChecking option can be used to control logins to machines whose host key is not known or has changed."
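
A simplified model of how the client looks up a presented host key when the server listens on a non-default port, including the fallback the debug log above reports as "checking without port identifier". This is an added example, not code from the original post or from OpenSSH; the function names and sample entries are constructed for illustration, and wildcard patterns and @markers are not handled.

```python
import base64
import hashlib
import hmac

def host_matches(field, name):
    """True if `name` matches the host field of one known_hosts line."""
    if field.startswith("|1|"):  # hashed entry: |1|base64(salt)|base64(HMAC-SHA1)
        _, _, salt, digest = field.split("|")
        mac = hmac.new(base64.b64decode(salt), name.encode(), hashlib.sha1)
        return hmac.compare_digest(mac.digest(), base64.b64decode(digest))
    return name in field.split(",")  # plain list; wildcard patterns not handled

def check(known_hosts, name, keytype, key):
    """Return 'match', 'changed' or 'new' for one lookup name."""
    status = "new"
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue  # blank, comment, or @marker line (markers not handled)
        if host_matches(fields[0], name) and fields[1] == keytype:
            if fields[2] == key:
                return "match"
            status = "changed"
    return status

def lookup(known_hosts, host, port, keytype, key):
    """Model the lookup order for the key a server presents."""
    name = host if port == 22 else f"[{host}]:{port}"
    status = check(known_hosts, name, keytype, key)
    if status == "new" and port != 22:
        # Fallback shown in the log as "checking without port identifier".
        if check(known_hosts, host, keytype, key) == "match":
            return "match"
    return status

# Constructed sample data: 192.0.2.10 is a documentation address and the
# key strings are placeholders, not real host keys.
SAMPLE = """\
# constructed known_hosts
[192.0.2.10]:2222 ssh-rsa PLACEHOLDER_RSA_KEY_NEW
192.0.2.10 ssh-dss PLACEHOLDER_DSA_KEY
"""

if __name__ == "__main__":
    for kt, k in [("ssh-rsa", "PLACEHOLDER_RSA_KEY_NEW"),
                  ("ssh-rsa", "PLACEHOLDER_RSA_KEY_OLD"),
                  ("ssh-dss", "PLACEHOLDER_DSA_KEY")]:
        print(kt, k, lookup(SAMPLE, "192.0.2.10", 2222, kt, k))
```

A "new" result is the case where the client either asks for confirmation or refuses, depending on StrictHostKeyChecking; "changed" is the case that calls for comparing the stored key with the server's actual host key before touching known_hosts.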

