Re-post, as I think my last post didn't get through. Sorry if somebody
got it twice now.
Hi
I run into the following make tests error and didn't find any solution to
this.
- This is a test on the localhost, so I guess, there is no man in the
middle attack (hosts file is setup correctly, localhost points to
127.0.0.1)
- I don't want to use protocol 1 anyway, so how can I skip the test?
- I copied the known host file from my already installed ssh
(~/.ssh/known_hosts) to ./regress/ but that didn't help
- Just to be sure, I checked the 4.1 source of my current installation
and it came up with the same error, but I can't remember seeing this
error with the prev. installation. So I stopped the running sshd,
removed the /etc/ssh directory and ran the test again with the same
result.
- I'm running uname -a: Linux linuxbox 2.6.12.5 #1 Tue Aug 16 08:57:47
CEST 2005 ppc unknown unknown GNU/Linux
Any help on this?
Thanks, Andreas
rm -f /home/andreas/tmp/openssh-4.2p1/regress/rsa_secsh.pub
ssh-keygen -lf /home/andreas/tmp/openssh-4.2p1/regress/rsa_openssh.pub |\
awk '{print $2}' | diff - /home/andreas/tmp/openssh-4.2p1/regress/t4.ok
ssh-keygen -Bf /home/andreas/tmp/openssh-4.2p1/regress/rsa_openssh.pub |\
awk '{print $2}' | diff - /home/andreas/tmp/openssh-4.2p1/regress/t5.ok
ssh-keygen -if /home/andreas/tmp/openssh-4.2p1/regress/dsa_ssh2.prv > /home/andreas/tmp/openssh-4.2p1/regress//t6.out1
ssh-keygen -if /home/andreas/tmp/openssh-4.2p1/regress/dsa_ssh2.pub > /home/andreas/tmp/openssh-4.2p1/regress//t6.out2
chmod 600 /home/andreas/tmp/openssh-4.2p1/regress//t6.out1
ssh-keygen -yf /home/andreas/tmp/openssh-4.2p1/regress//t6.out1 | diff - /home/andreas/tmp/openssh-4.2p1/regress//t6.out2
ssh-keygen -lf /home/andreas/tmp/openssh-4.2p1/regress//t7.out > /dev/null
ssh-keygen -Bf /home/andreas/tmp/openssh-4.2p1/regress//t7.out > /dev/null
run test connect.sh ...
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA1 host key has just been changed.
The fingerprint for the RSA1 key sent by the remote host is
4c:60:b8:06:71:1e:5f:76:a7:60:75:c3:4d:9d:be:8d.
Please contact your system administrator.
Add correct host key in /home/andreas/tmp/openssh-4.2p1/regress/known_hosts to get rid of this message.
Offending key in /home/andreas/tmp/openssh-4.2p1/regress/known_hosts:2
RSA1 host key for localhost-with-alias has changed and you have requested strict checking.
Host key verification failed.
ssh connect with protocol 1 failed
failed simple connect
make[1]: *** [t-exec] Error 1
make[1]: Leaving directory `/home/andreas/tmp/openssh-4.2p1/regress'
make: *** [tests] Error 2

Andreas Fehr wrote:
> - This is a test on the localhost, so I guess, there is no man in the
> middle attack (hosts file is setup correctly, localhost points to
> 127.0.0.1)
>
> - I don't want to use protocol 1 anyway, so how can I skip the test?

There's no easy way, but if you really want to you can do "make tests LTESTS="[list of tests]". A better approach is to fix the problem (see below).

> - I copied the known host file from my already installed ssh
> (~/.ssh/known_hosts) to ./regress/ but that didn't help
>
> - Just to be sure, I checked the 4.1 source of my current installation
> and it came up with the same error, but I can't remember seeing this
> error with the prev. installation. So I stopped the running sshd,
> removed the /etc/ssh directory and ran the test again with the same
> result.
>
> - I'm running uname -a: Linux linuxbox 2.6.12.5 #1 Tue Aug 16 08:57:47
> CEST 2005 ppc unknown unknown GNU/Linux

If you're using OpenSSL 0.9.7g then there's a bug in the PPC assembler code which can cause this. I don't know if any other versions are affected. The attached patch fixes this (I didn't write it, I just happen to have it handy), or alternatively you can rebuild OpenSSL without assembler optimizations.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: openssl-0.9.7g-ppcasm.patch
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20051012/00230784/attachment.ksh

Andreas Fehr wrote:
> An update to 0.9.7h did fix the problem. Thanks for your help!

No prob. Be aware that 0.9.7h has a binary compatibility problem (probably only an issue if you build openssl as a shared library). See the thread on openssh-unix-dev in the last day or so.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.