ssh host key verification failed on one of the clients only
I can't ssh from client "a" to server "b" (but I can from many other ssh clients on the same subnet as "a" - *nux machines)
servera>ssh -v -p port user@serverb
openssh_5.3p1 debian-3ubuntu5, openssl 0.9.8k 25 mar 2009
debug1: reading configuration data /etc/ssh/ssh_config
debug1: applying options *
debug1: connecting serverb [serverb] port port.
debug1: connection established.
debug1: identity file /home/user_a/.ssh/id_rsa type -1
debug1: identity file /home/user_a/.ssh/id_dsa type 2
debug1: checking blacklist file /usr/share/ssh/blacklist.dsa-1024
debug1: checking blacklist file /etc/ssh/blacklist.dsa-1024
debug1: remote protocol version 2.0, remote software version openssh_5.1p1 debian-5
debug1: match: openssh_5.1p1 debian-5 pat openssh*
debug1: enabling compatibility mode protocol 2.0
debug1: local version string ssh-2.0-openssh_5.3p1 debian-3ubuntu5
debug1: ssh2_msg_kexinit sent
debug1: ssh2_msg_kexinit received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: ssh2_msg_kex_dh_gex_request(1024<1024<8192) sent
debug1: expecting ssh2_msg_kex_dh_gex_group
debug1: ssh2_msg_kex_dh_gex_init sent
debug1: expecting ssh2_msg_kex_dh_gex_reply
debug1: checking without port identifier
host key verification failed.
I've checked the following points on the client - the server looks on point - :
- user_a/.ssh directory permissions : 700 (see man ssh)
- user_a/.ssh/known_hosts permissions: 644 (see man ssh)
- user_a/.ssh/known_hosts: does not contain the serverb host public key
- otherusers/.ssh/known_hosts: does not contain the serverb host public key
I've tried:
- deleting known_hosts on server a: same error remains
- emptying known_hosts on server a: same error
- checking if the host key names match the ssh server config: ok (hostkey /etc/ssh/ssh_host_rsa_key)
- regenerating server b host keys (ssh-keygen -t dsa/rsa -f /etc/ssh/ssh_host_dsa/rsa_key) : same error
- ssh -p port me@localhost on serverb: works, as with other ssh clients
So I'm stuck! SSH specialists welcome home.
thx in advance
I don't understand what I did wrong with this particular server.. it remains "strange" that destroying "known_hosts" on the client side did not drive the expected positive effect.
Anyway, pls find hereafter what I did manually; quite ugly, but it works:
Note: this assumes full access to both machines (client, server)
server side : regenerate 2 pairs of keys (rsa , dsa)
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
client side:
generate a pair of dsa keys (private, public) for user "foo"
ssh-keygen -t dsa -f /home/foo/.ssh/my_client_key
add the new key to ssh-agent if it is running
ssh-add /home/foo/.ssh/my_client_key
add the content of the server's ssh_host_rsa_key.pub to the client's /home/foo/.ssh/known_hosts, after the ip/port:
[server_ip]:server_port copy/paste here server public rsa key (ctrl+shift+c/v)
[server_ip]:server_port copy/paste here server public dsa key (ctrl+shift+c/v)
now server side :
copy/paste the client public key /home/foo/.ssh/my_client_key.pub into /home/bar/.ssh/.authorized_keys in order to allow user "foo" to connect to the "bar" account:
make sure of path consistency in /etc/ssh/sshd_config to be able to use the file .authorized_keys:
authorizedkeysfile %h/.ssh/.authorized_keys
restart ssh server
/etc/init.d/ssh restart
client: client "foo" can ssh as user "bar" on the server:
foo@client>$ ssh -p port bar@server_ip
Note: in my case, both client and server are running locally within VMs. Do not use these settings in production, obviously.
Edit: reading a bit more of the man ssh pages, it should be possible to get around this in a proper manner, ref man: "The StrictHostKeyChecking option can be used to control logins to machines whose host key is not known or has changed."
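An added example, not part of the original post and not OpenSSH's own code: a Python check that compares a server's host public key line against a client's known_hosts, looking first under `[host]:port` and then without the port identifier, as the debug output above does. The address, port and key blobs are constructed placeholders, and wildcard host patterns are not handled.

```python
import base64, hashlib, hmac

def fingerprint(b64_blob):
    """SHA256 fingerprint in the form modern `ssh-keygen -lf` prints."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def name_matches(pattern, name):
    """Match one host-field entry, plain or hashed (|1|salt|hmac-sha1)."""
    if pattern.startswith("|1|"):
        salt, digest = pattern[3:].split("|")
        mac = hmac.new(base64.b64decode(salt), name.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(digest))
    return pattern == name  # wildcard and negated patterns are not handled

def lookup(known_hosts, host, port=22):
    """Return {keytype: fingerprint}; try [host]:port first, then the bare host."""
    names = [host] if port == 22 else ["[%s]:%d" % (host, port), host]
    for name in names:
        found = {}
        for line in known_hosts.splitlines():
            fields = line.split()
            if len(fields) < 3 or fields[0].startswith(("#", "@")):
                continue  # blank line, comment, or @cert-authority/@revoked marker
            if any(name_matches(p, name) for p in fields[0].split(",")):
                found[fields[1]] = fingerprint(fields[2])
        if found:
            return found
    return {}

def verify(known_hosts, host, port, server_pub_line):
    """Classify a server *.pub line against known_hosts: match, mismatch, unknown."""
    keytype, blob = server_pub_line.split()[:2]
    known = lookup(known_hosts, host, port)
    if keytype not in known:
        return "unknown"
    return "match" if known[keytype] == fingerprint(blob) else "mismatch"

def sample_blob(tag):
    """Constructed placeholder blob for the demo, not a real host key."""
    return base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + tag).decode()

OLD_KEY, NEW_KEY = sample_blob(b"old-host-key"), sample_blob(b"regenerated-host-key")
KNOWN_HOSTS = "[192.0.2.10]:2222 ssh-rsa %s\n" % OLD_KEY  # constructed entry

if __name__ == "__main__":
    for label, key in (("before regeneration", OLD_KEY), ("after regeneration", NEW_KEY)):
        print(label, "->", verify(KNOWN_HOSTS, "192.0.2.10", 2222, "ssh-rsa " + key))
```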