
RE: [rhelv5-list] Host key verification failed error when running sftp -b



Thanks, the ~/.ssh/known_hosts permissions on my RHEL 5 systems are the
same as those on my RHEL 4 systems.

Andrew Philipoff
Programmer Analyst
Information Technology Services
Department of Medicine
University of California, San Francisco
Phone: 415-476-1344
Help Desk: 415-476-6827


-----Original Message-----
From: rhelv5-list-bounces redhat com
[mailto:rhelv5-list-bounces redhat com] On Behalf Of Hugh Brown
Sent: Thursday, October 25, 2007 12:41 PM
To: rhelv5-list redhat com
Subject: Re: [rhelv5-list] Host key verification failed error when
running sftp -b

Quick follow up, I was mistaken, CheckHostIP has nothing to do with it.

ssh wouldn't be useful if it never checked the key of the server it was
talking to.

Hugh Brown wrote:
> I've been able to reproduce the problem by breaking my ability to 
> write to known_hosts.
> 
> Is the key for the webhost in your ~/.ssh/known_hosts and can you 
> write to that file?  With batch mode, if the ssh client can't verify 
> the host and CheckHostIP is yes (I believe that's the default), then 
> instead of prompting you to accept the key it will just fail.  The 
> assumption is that in batch mode, no one is around to type yes to the 
> key verification query.
> 
> Hugh
> 
> 
> Philipoff, Andrew wrote:
>> I can ssh to and from the host without any problem. I can also run 
>> sftp without the -b flag without encountering any error messages. I 
>> only get the error messages when I try to use batchfiles. I did 
>> remove all instances of the webserver from the known_hosts file as 
>> part of my troubleshooting earlier, no change.
>>
>> Andrew Philipoff
>> Programmer Analyst
>> Information Technology Services
>> Department of Medicine
>> University of California, San Francisco
>> Phone: 415-476-1344
>> Help Desk: 415-476-6827
>>
>>
>> -----Original Message-----
>> From: rhelv5-list-bounces redhat com
>> [mailto:rhelv5-list-bounces redhat com] On Behalf Of Hugh Brown
>> Sent: Thursday, October 25, 2007 11:39 AM
>> To: Red Hat Enterprise Linux 5 (Tikanga) discussion mailing-list
>> Subject: Re: [rhelv5-list] Host key verification failed error when 
>> running sftp -b
>>
>> Can you ssh to the host?
>>
>> It looks like you've got it trying to verify the ssh key for the 
>> webserver and the client doesn't have the key in its known_hosts file
>> or it has an old one that doesn't match what the server is providing.
>>
>> Hugh
>>
>> Philipoff, Andrew wrote:
>>> I recently deployed a RHEL 5 webserver and ran into a problem when 
>>> running "sftp -b batchfile hostname". I get the following error
>>> messages:
>>>
>>> Host key verification failed.
>>>
>>> Couldn't read packet: Connection reset by peer
>>>
>>>  
>>>
>>> I've been using this command successfully on RHEL 4 systems, and it only
>>> occurs when I run it on RHEL 5 systems. It occurs when trying to
>>> connect to RHEL 4 and RHEL 5 systems from a RHEL 5 system. Anyone
>>> have any thoughts on what is causing this and how to resolve it? Below is
>>> the output of "sftp -vv -b batchfile hostname":
>>>
>>>  
>>>
>>> sftp -vv -b batchfile host.example.com
>>> OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006
>>> debug1: Reading configuration data /etc/ssh/ssh_config
>>> debug1: Applying options for *
>>> debug2: ssh_connect: needpriv 0
>>> debug1: Connecting to host.example.com [xxx.xxx.xxx.xxx] port 22.
>>> debug1: Connection established.
>>> debug1: identity file /home/webdev/.ssh/id_rsa type -1
>>> debug1: identity file /home/webdev/.ssh/id_dsa type -1
>>> debug1: Remote protocol version 2.0, remote software version OpenSSH_3.9p1
>>> debug1: match: OpenSSH_3.9p1 pat OpenSSH_3.*
>>> debug1: Enabling compatibility mode for protocol 2.0
>>> debug1: Local version string SSH-2.0-OpenSSH_4.3
>>> debug2: fd 4 setting O_NONBLOCK
>>> debug1: SSH2_MSG_KEXINIT sent
>>> debug1: SSH2_MSG_KEXINIT received
>>> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
>>> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>>> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
>>> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
>>> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
>>> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
>>> debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
>>> debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
>>> debug2: kex_parse_kexinit:
>>> debug2: kex_parse_kexinit:
>>> debug2: kex_parse_kexinit: first_kex_follows 0
>>> debug2: kex_parse_kexinit: reserved 0
>>> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
>>> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>>> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
>>> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
>>> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
>>> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
>>> debug2: kex_parse_kexinit: none,zlib
>>> debug2: kex_parse_kexinit: none,zlib
>>> debug2: kex_parse_kexinit:
>>> debug2: kex_parse_kexinit:
>>> debug2: kex_parse_kexinit: first_kex_follows 0
>>> debug2: kex_parse_kexinit: reserved 0
>>> debug2: mac_init: found hmac-md5
>>> debug1: kex: server->client aes128-cbc hmac-md5 none
>>> debug2: mac_init: found hmac-md5
>>> debug1: kex: client->server aes128-cbc hmac-md5 none
>>> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
>>> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
>>> debug2: dh_gen_key: priv key bits set: 139/256
>>> debug2: bits set: 517/1024
>>> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
>>> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
>>> debug2: no key of type 0 for host.example.com
>>> debug2: no key of type 2 for host.example.com
>>> Host key verification failed.
>>> Couldn't read packet: Connection reset by peer
>>>
>>>  
>>>
>>> Andrew Philipoff
>>> Programmer Analyst
>>> Information Technology Services
>>> Department of Medicine
>>> University of California, San Francisco
>>>
>>> _______________________________________________
>>> rhelv5-list mailing list
>>> rhelv5-list redhat com
>>> https://www.redhat.com/mailman/listinfo/rhelv5-list
>>
>> --
>> System Administrator
>> DIVMS Computer Support Group
>>
>> University of Iowa
>> Email: hbrown divms uiowa edu
>> Voice: 319-335-0748
>>
> 

--
System Administrator
DIVMS Computer Support Group

University of Iowa
Email: hbrown divms uiowa edu
Voice: 319-335-0748
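
Added example, not part of the original thread: a preflight check for the condition discussed above, where "sftp -b" cannot prompt for an unknown host key and so fails when known_hosts has no entry for the host. The function names, return codes, and status words are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: preflight for "sftp -b" (not code from the thread).

# known_hosts_status HOST [FILE] prints one word:
#   present    a plain-text entry names HOST (or [HOST]:22)
#   hashed     no plain match, but hashed entries exist; confirm with ssh-keygen -F
#   absent     no entry: batch mode cannot prompt, so verification fails
#   unreadable FILE is missing or not readable by this user
# Wildcard patterns and @cert-authority/@revoked lines are not evaluated.
known_hosts_status() {
    kh_host=$1
    kh_file=${2:-$HOME/.ssh/known_hosts}
    [ -r "$kh_file" ] || { echo unreadable; return 0; }
    awk -v host="$kh_host" '
        NF == 0 || $1 ~ /^[#@]/ { next }              # blanks, comments, marker lines
        substr($1, 1, 1) == "|" { hashed = 1; next }  # HashKnownHosts entry
        {
            n = split($1, names, ",")                 # "name,ip" lists share one key
            for (i = 1; i <= n; i++)
                if (names[i] == host || names[i] == ("[" host "]:22")) found = 1
        }
        END { print (found ? "present" : (hashed ? "hashed" : "absent")) }
    ' "$kh_file"
}

# batch_preflight HOST [FILE]: returns 0 only when a plain entry for HOST exists.
# Also reports whether FILE is writable, the other condition raised in the thread.
batch_preflight() {
    bp_file=${2:-$HOME/.ssh/known_hosts}
    bp_status=$(known_hosts_status "$1" "$bp_file")
    if [ -w "$bp_file" ]; then bp_write="writable"; else bp_write="not writable"; fi
    case $bp_status in
        present) echo "ok: $1 found in $bp_file ($bp_write)"; return 0 ;;
        hashed)  echo "check: run ssh-keygen -F $1 -f $bp_file ($bp_write)"; return 2 ;;
        *)       echo "fail: status=$bp_status for $1 in $bp_file ($bp_write)"; return 1 ;;
    esac
}
```

Run it as the account that owns the batch job, since ~/.ssh/known_hosts is per-user.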


