hi, my scenario is this: i have a cgi (on host1) that executes ssh (as userxyz) to a remote server (host2), executes a command to retrieve some data and outputs them to the local browser. on host1: #!/usr/bin/perl -w ... $output = `/usr/local/bin/ssh -l userxyz -x host2 ls -l` ... but i get "Host Key Verification failed" on my apache's error_log. i can do it on the command line, it only fails when i run it via the cgi. has somebody had this problem before? /don
Donny Cornelius wrote:> i have a cgi (on host1) that executes ssh (as userxyz) to a remote server (host2), executes a command to retrieve some data and outputs them to the local browser. > > on host1: > > #!/usr/bin/perl -w > ... > $output = `/usr/local/bin/ssh -l userxyz -x host2 ls -l` > ... > > but i get "Host Key Verification failed" on my apache's error_log. i can do it on the command line, it only fails when i run it via the cgi.Is the CGI running as "nobody" or are you using suEXEC? Can you as "-v -v -v" to the ssh commandline to get some debugging info? Maybe $HOME isn't set? -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
Thanks for your suggestions. I put nobody as a sudoer to exec ssh; for testing purposes I give it a shell, but for the live environment I give no login shell to nobody. on comparing the debug output for a successful session and a failed one, the latter gives this: debug3: check_host_in_hostfile: match line 38 Host key verification failed. the sucessful one continues with the login. what is the $HOME you're referring to? -----Original Message----- From: Darren Tucker <dtucker at zip.com.au> To: dontrango at myrealbox.com Date: Fri, 18 Oct 2002 21:56:44 +1000 Subject: Re: Host Key Verification failed - ssh via cgi Donny Cornelius wrote:> i have a cgi (on host1) that executes ssh (as userxyz) to a remote server (host2), executes a command to retrieve some data and outputs them to the local browser. > > on host1: > > #!/usr/bin/perl -w > ... > $output = `/usr/local/bin/ssh -l userxyz -x host2 ls -l` > ... > > but i get "Host Key Verification failed" on my apache's error_log. i can do it on the command line, it only fails when i run it via the cgi.Is the CGI running as "nobody" or are you using suEXEC? Can you as "-v -v -v" to the ssh commandline to get some debugging info? Maybe $HOME isn't set? -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement. (",) dontrango --------------- hasta la vista ---------------
the problem lies with the way the file known_host stores the data. 'ssh -l userid $HOST' and $HOST in the file must match. if one is in the fqdn format the other must be in the same format. -----Original Message----- From: Darren Tucker <dtucker at zip.com.au> To: dontrango at myrealbox.com Date: Fri, 18 Oct 2002 21:56:44 +1000 Subject: Re: Host Key Verification failed - ssh via cgi Donny Cornelius wrote:> i have a cgi (on host1) that executes ssh (as userxyz) to a remote server (host2), executes a command to retrieve some data and outputs them to the local browser. > > on host1: > > #!/usr/bin/perl -w > ... > $output = `/usr/local/bin/ssh -l userxyz -x host2 ls -l` > ... > > but i get "Host Key Verification failed" on my apache's error_log. i can do it on the command line, it only fails when i run it via the cgi.Is the CGI running as "nobody" or are you using suEXEC? Can you as "-v -v -v" to the ssh commandline to get some debugging info? Maybe $HOME isn't set? -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement. (",) dontrango --------------- hasta la vista ---------------