I can’t ssh from client “A” to server “B” (but I can from many other ssh clients on the same subnet as “A” – all are *nux machines)
serverA>ssh -v -p PORT user@serverB
OpenSSH_5.3p1 Debian-3ubuntu5, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to serverB [serverB] port PORT.
debug1: Connection established.
debug1: identity file /home/user_A/.ssh/id_rsa type -1
debug1: identity file /home/user_A/.ssh/id_dsa type 2
debug1: Checking blacklist file /usr/share/ssh/blacklist.DSA-1024
debug1: Checking blacklist file /etc/ssh/blacklist.DSA-1024
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-5
debug1: match: OpenSSH_5.1p1 Debian-5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu5
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: checking without port identifier
Host key verification failed.
I’ve already checked the following points on client A – as server A looks to be the problem:
- user_A/.ssh directory permissions: 700 (see man ssh)
- user_A/.ssh/known_hosts permissions: 644 (see man ssh)
- user_A/.ssh/known_hosts: does NOT contain serverB’s host public key
- otherusers/.ssh/known_hosts: does NOT contain serverB’s host public key
I’ve tried:
- deleting known_hosts on server A: same error remains
- emptying known_hosts on server A: same error
- checking that the host key names match the ssh server config: ok (HostKey /etc/ssh/ssh_host_rsa_key)
- regenerating server B host keys (ssh-keygen -t dsa/rsa -f /etc/ssh/ssh_host_dsa/rsa_key): same error
- ssh -p PORT me@localhost on serverB: it also works, as it does from other ssh clients
So I’m really stuck now! ssh specialists welcome.
Thanks in advance
I don’t understand what exactly I did wrong for this particular server.
What remains “strange” is that destroying “known_hosts” on the client side did not have the expected positive effect.
Anyway, please find hereafter what I did manually; quite ugly, but it works:
Note: This assumes full access to both machines (client and server)
server side: regenerate the 2 pairs of keys (rsa and dsa)
client side:
generate a pair of dsa keys (private and public) for the user “foo”
add this new key to the ssh-agent if running
add the content of the server’s ssh_host_rsa_key.pub to the client’s /home/foo/.ssh/known_hosts, after the IP/port:
now back to the server side:
copy/paste the client public key /home/foo/.ssh/my_client_key.pub into /home/bar/.ssh/.authorized_keys in order to allow the user “foo” to connect to the “bar” account:
make sure the path is consistent with /etc/ssh/sshd_config to be able to use the file .authorized_keys:
restart the ssh server
client: now the client “foo” can ssh to the user “bar” on the server:
Note: in my case, both client and server are running locally within VMs. Obviously, do not use these settings for production.
EDIT: Reading the man ssh pages a bit more carefully, it should be possible to get around this in a much more proper manner; quoting the man page: “The StrictHostKeyChecking option can be used to control logins to machines whose host key is not known or has changed.”
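Two details of the question’s debug log explain why “grep serverB known_hosts” can be misleading, and they are worth seeing in code. OpenSSH stores host keys learned over a non-default port under the name form “[host]:port”, and the line “debug1: checking without port identifier” shows the client also consulting the bare host name; in addition, Debian and Ubuntu ship ssh_config with HashKnownHosts yes, so an entry for serverB is stored as a salted HMAC-SHA1 of the name and the host name itself never appears in the file. The following Python script is an added example, not code from the question or the answer above: it parses a known_hosts file the way ssh does (plain, comma-separated, hashed and marker-prefixed entries), reports every entry that covers a given host and port together with the name form it matched under, and prints each key’s SHA256 fingerprint in the format ssh-keygen -l uses, so it can be compared against the server’s own ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub output. The file contents, the key blob, the fixed salt and port 2222 (standing in for the page’s PORT placeholder) are all constructed for the example.

```python
import base64
import hashlib
import hmac

DEFAULT_PORT = 22


def hostnames_to_check(host, port):
    """Name forms to look up for host:port.

    OpenSSH writes entries for a non-default port as "[host]:port"; the
    "checking without port identifier" line in the question's ssh -v output
    shows the client also consults the bare host name, so both are reported.
    """
    if port != DEFAULT_PORT:
        return ["[%s]:%d" % (host, port), host]
    return [host]


def hash_hostname(name, salt):
    """Hashed host form written when HashKnownHosts is yes (the Debian and
    Ubuntu default): |1|base64(salt)|base64(HMAC-SHA1(salt, name))."""
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())


def name_field_matches(name_field, candidate):
    """True if the comma-separated host field of a known_hosts line covers
    candidate. Wildcard (*, ?) and negated (!) patterns are not handled."""
    for pattern in name_field.split(","):
        if pattern.startswith("|1|"):
            salt = base64.b64decode(pattern.split("|")[2])
            if hmac.compare_digest(hash_hostname(candidate, salt), pattern):
                return True
        elif pattern == candidate:
            return True
    return False


def key_fingerprint(key_b64):
    """SHA256 fingerprint of a base64 key blob, in the unpadded form that
    ssh-keygen -l prints, for out-of-band comparison with the server."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def lookup(known_hosts_text, host, port=DEFAULT_PORT):
    """Return the known_hosts entries that cover host:port, with the name
    form each one matched under and the fingerprint of its key."""
    matches = []
    for lineno, raw in enumerate(known_hosts_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        marker = None
        if fields[0].startswith("@"):       # @cert-authority / @revoked
            marker, fields = fields[0], fields[1:]
        if len(fields) < 3:                 # malformed line, skip it
            continue
        names, keytype, key_b64 = fields[0], fields[1], fields[2]
        for candidate in hostnames_to_check(host, port):
            if name_field_matches(names, candidate):
                matches.append({"line": lineno, "matched_as": candidate,
                                "marker": marker, "keytype": keytype,
                                "fingerprint": key_fingerprint(key_b64)})
                break
    return matches


# Constructed sample data: the key blob is not a real key, and the salt is
# fixed so the hashed line is reproducible (OpenSSH uses a random 20-byte salt).
SAMPLE_KEY = base64.b64encode(b"constructed example key blob, not a real key").decode()
SAMPLE_SALT = b"0123456789abcdef0123"
SAMPLE_KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts for the example",
    "serverB,192.0.2.10 ssh-rsa " + SAMPLE_KEY,                                # plain entry
    hash_hostname("[serverB]:2222", SAMPLE_SALT) + " ssh-rsa " + SAMPLE_KEY,  # hashed, port 2222
    "otherhost ssh-dss " + SAMPLE_KEY,
])

if __name__ == "__main__":
    for host, port in (("serverB", 22), ("serverB", 2222), ("serverB", 2200)):
        found = lookup(SAMPLE_KNOWN_HOSTS, host, port)
        print("%s:%d -> %d matching entr%s" % (host, port, len(found),
                                               "y" if len(found) == 1 else "ies"))
        for m in found:
            print("  line %d as %-16s %-8s %s" % (m["line"], m["matched_as"],
                                                 m["keytype"], m["fingerprint"]))
```

Run against a real file, the same lookup is what ssh-keygen -F '[serverB]:PORT' -f ~/.ssh/known_hosts performs, and ssh-keygen -R removes an entry by the same name forms; note that ssh also reads the system-wide /etc/ssh/ssh_known_hosts, which is not in the question’s list of files checked. The fingerprint the script prints is only useful if it is compared with one obtained on the server itself (or through another trusted channel); setting StrictHostKeyChecking no, as the edit at the end of the answer considers, removes that comparison entirely and with it the client’s only protection against a substituted host, so it is a last resort for throwaway VMs rather than a fix.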