Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Host key verification failed

from [wilis] Network Security [Permanent Link]
Subject: Re: Host key verification failed
Date: Fri, 3 Dec 2004 12:33:41 -0200 (BRDT) 
Robert Moss wrote:


Hi,
  The SSH key you are using looks to be in the wrong format.  In your
debug output, there are a few lines:


debug3: Not a RSA1 key file /root/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace

debug3: key_read: missing

whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype


The key probably looks something like this:


---- BEGIN SSH2 PUBLIC KEY ----
Comment: "1024-bit RSA, converted from OpenSSH by root@testbox"
AAAAB3NzaC1yc2EAAAABIwAAAIEAtegffmpCN/68ePgVbfjtXXwSKKiNyIKH1TnwG1C75U
yIEVSmxJr5wDh4iRcasdff394ZnCds3sHFV6uVILH+8t8q7MzA92BPG+jUMtawAG/i8FoU+
iyNLB9mn1CORGYBJRrabyUW3JT5t5fefH55hUr+isMH7zr90cHq0hPa9CE=
---- END SSH2 PUBLIC KEY ----


The key is most likely in 'SECSH Public Key File Format' format.  You
need to convert it to the OpenSSH key format, similar to below:

ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEAtesutmpCN/68fPgVbfjtXXwSKKiNyIKH1TnwG1C75UyI
EVSmxJr5wDh4iRcdwpKE94ZnCds3sHFV6uVILH+8t8q7MzA92BPG+jUMtawAG/i8FoU+iyNL
ymlCORggBJRbarUW3JT5t5OW4+H55hUr+isMH7zr90cHq0hPa9CE= root@testbox


You can use the ssh-keygen program to convert from the above format to
the OpenSSH format.

ssh-keygen -f <path to ssh key> -i

You will need to do that for both the public and private keys.

Hope this helps,
Robert Moss.


-----Original Message-----
From: wilis@dcc.ufmg.br [mailto:wilis@dcc.ufmg.br]
Sent: 18 November 2004 12:47
To: secureshell@securityfocus.com
Subject: Host key verification failed

Hi,

I'm using ssh client in a Slackware distribution Linux and trying to
connect to ssh server on mica.dcc.ufmg.br. But I can't connect to it and
can't connect to any other server.

root@status:/var/tmp# ssh -version
OpenSSH_3.9p1, OpenSSL 0.9.7d 17 Mar 2004

I need help. Thanks !

This is the debug messages:

root@status:/var/tmp# ssh mica.dcc.ufmg.br -l root -vvv OpenSSH_3.9p1,
OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading configuration data /usr/local/etc/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to mica.dcc.ufmg.br [150.164.0.134] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug3: Not a RSA1 key file /root/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version
OpenSSH_3.7.1p2
debug1: match: OpenSSH_3.7.1p2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9p1
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-he
llman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-c
bc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-c
bc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-9
6,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-9
6,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-c
bc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-c
bc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-9
6,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-9
6,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 136/256
debug2: bits set: 525/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /usr/local/etc/ssh_known_hosts
debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /usr/local/etc/ssh_known_hosts
debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /usr/local/etc/ssh_known_hosts
debug2: no key of type 0 for host mica.dcc.ufmg.br
debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts2
debug3: check_host_in_hostfile: filename /usr/local/etc/ssh_known_hosts2
debug3: check_host_in_hostfile: filename /root/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /usr/local/etc/ssh_known_hosts
debug2: no key of type 2 for host mica.dcc.ufmg.br Host key verification
failed.






The problem is in the /etc/udev/rules.d/udev.rules
there is a configuration problem in udev:

# pty devices
KERNEL="pty[p-za-e][0-9a-f]*", NAME="pty/m%n", SYMLINK="%k"
#KERNEL="tty[p-za-e][0-9a-f]*", NAME="tty/s%n", SYMLINK="%k"
KERNEL="tty[p-za-e][0-9a-f]*", NAME="pty/s%n", SYMLINK="%k"

The comented line gets replaced with the line beneath it and it all gets
better :).




Hi Radu,

 Yes, that was the problem. Now it´s ok.
 But how do you know it? What does that line in udev.rules mean ?

Thanks,
Charles
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Re: Host key verification failed, wilis <=
Previous by Date:  Can't login, Andrew Afliatunov
Next by Date:  Re: port forwarding, Greg Norris
Previous by Thread:  Can't login, Andrew Afliatunov
Next by Thread:  Problem with scp, Melanie . Berg
Indexes:  [Date] [Thread] [Top] [All Lists]