Marcus Stoegbauer
2001-Apr-27 09:00 UTC
key_verify failed for server_host_key from Solaris 2.7 to non-Solaris hosts
Hi, I am using OpenSSH 2.5.2p2 on Solaris 2.7 (Ultra 10) with 64bit support and have the following problem when connecting with the ssh2 protocol to non-solaris OS: On the client side, I do: /local/work/lysis/bin/slogin -v -2 -p 2222 rs30 On the server side (AIX 4.3), the sshd runs as follows: aix/sbin/sshd -p 2222 -d Full output follows at the end of this mail. The server is compiled with EGD support, on the client side I tested EGD and ANDIrand (http://www.cosy.sbg.ac.at/~andi/), both with the same result: key_verify failed for server_host_key The same happens when I connect from Solaris to Linux servers running OpenSSH versions 2.3 and above. During the tests I noticed that I get no errors when I rename the "primes" file at server side. Has anyone a similar problem or knows what is wrong here? If more information is needed, please let me know. Thanks in advance, Marcus Client output: =============OpenSSH_2.5.2p2, SSH protocols 1.5/2.0, OpenSSL 0x0090601f debug1: Seeding random number generator debug1: Rhosts Authentication disabled, originating port will not be trusted. debug1: ssh_connect: getuid 27046 geteuid 27046 anon 1 debug1: Connecting to rs30 [130.83.126.33] port 2222. debug1: Connection established. debug1: unknown identity file /home/lysis/.ssh/id_rsa debug1: identity file /home/lysis/.ssh/id_rsa type -1 debug1: identity file /home/lysis/.ssh/id_dsa type 2 debug1: Remote protocol version 1.99, remote software version OpenSSH_2.5.1p2 debug1: match: OpenSSH_2.5.1p2 pat ^OpenSSH Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_2.5.2p2 debug1: send KEXINIT debug1: done debug1: wait KEXINIT debug1: got kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 debug1: got kexinit: ssh-dss debug1: got kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc at lysator.liu.se debug1: got kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc at lysator.liu.se debug1: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug1: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug1: got kexinit: none,zlib debug1: got kexinit: none,zlib debug1: got kexinit: debug1: got kexinit: debug1: first kex follow: 0 debug1: reserved: 0 debug1: done debug1: kex: server->client aes128-cbc hmac-md5 none debug1: kex: client->server aes128-cbc hmac-md5 none debug1: Sending SSH2_MSG_KEX_DH_GEX_REQUEST. debug1: Wait SSH2_MSG_KEX_DH_GEX_GROUP. debug1: Got SSH2_MSG_KEX_DH_GEX_GROUP. debug1: dh_gen_key: priv key bits set: 121/256 debug1: bits set: 1000/2049 debug1: Sending SSH2_MSG_KEX_DH_GEX_INIT. debug1: Wait SSH2_MSG_KEX_DH_GEX_REPLY. debug1: Got SSH2_MSG_KEXDH_REPLY. debug1: Host 'rs30' is known and matches the DSA host key. debug1: Found key in /home/lysis/.ssh/known_hosts2:22 debug1: bits set: 1016/2049 debug1: len 55 datafellows 0 debug1: ssh_dss_verify: signature incorrect key_verify failed for server_host_key debug1: Calling cleanup 0x3d4f0(0x0) Server output: =============debug1: sshd version OpenSSH_2.5.1p2 debug1: load_private_key_autodetect: type 0 RSA1 debug1: read SSH2 private key done: name dsa w/o comment success 1 debug1: load_private_key_autodetect: type 2 DSA debug1: Seeding random number generator debug1: Bind to port 2222 on 0.0.0.0. Server listening on 0.0.0.0 port 2222. Generating 768 bit RSA key. debug1: Seeding random number generator RSA key generation complete. debug1: Server will not fork when running in debugging mode. Connection from 130.83.126.55 port 33706 debug1: Client protocol version 2.0; client software version OpenSSH_2.5.2p2 debug1: match: OpenSSH_2.5.2p2 pat ^OpenSSH Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-1.99-OpenSSH_2.5.1p2 debug1: Rhosts Authentication disabled, originating port not trusted. debug1: list_hostkey_types: ssh-dss debug1: send KEXINIT debug1: done debug1: wait KEXINIT debug1: got kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 debug1: got kexinit: ssh-rsa,ssh-dss debug1: got kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc at lysator.liu.se debug1: got kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc at lysator.liu.se debug1: got kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug1: got kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160 at openssh.com,hmac-sha1-96,hmac-md5-96 debug1: got kexinit: none debug1: got kexinit: none debug1: got kexinit: debug1: got kexinit: debug1: first kex follow: 0 debug1: reserved: 0 debug1: done debug1: kex: client->server aes128-cbc hmac-md5 none debug1: kex: server->client aes128-cbc hmac-md5 none debug1: Wait SSH2_MSG_KEX_DH_GEX_REQUEST. debug1: Sending SSH2_MSG_KEX_DH_GEX_GROUP. debug1: bits set: 1016/2049 debug1: Wait SSH2_MSG_KEX_DH_GEX_INIT. debug1: bits set: 1000/2049 debug1: sig size 20 20 debug1: send SSH2_MSG_NEWKEYS. debug1: done: send SSH2_MSG_NEWKEYS. debug1: Wait SSH2_MSG_NEWKEYS. Connection closed by 130.83.126.55 debug1: Calling cleanup 0x200077f4(0x0) -- Technische Universitaet Darmstadt Hochschulrechenzentrum (HRZ) Technical University Darmstadt University Computing Center D 64287 Darmstadt Germany Petersenstrasse 30