Artem Chuprina writes:
Oleg Frolkov -> debian-russian@lists.debian.org @ Fri, 25 Jul 2008 08:33:10
+0400:
OF> anyway, the glitch is still on the calling host, something with ssh. As a regular
OF> user it says:
OF> ssh -v [EMAIL PROTECTED]
OF> -----------------------------
OF> OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
OF> debug1: Reading configuration data /etc/ssh/ssh_config
OF> debug1: Applying options for *
OF> debug1: Rhosts Authentication disabled, originating port will not be
trusted.
OF> debug1: Connecting to 1.2.3.4 [1.2.3.4] port 22.
OF> debug1: Connection established.
OF> debug1: identity file /home/sysop/.ssh/identity type -1
OF> debug1: identity file /home/sysop/.ssh/id_rsa type -1
OF> debug1: identity file /home/sysop/.ssh/id_dsa type -1
OF> debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2
OF> Debian-9etch2
OF> debug1: match: OpenSSH_4.3p2 Debian-9etch2 pat OpenSSH*
OF> debug1: Enabling compatibility mode for protocol 2.0
OF> debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
OF> debug1: SSH2_MSG_KEXINIT sent
OF> debug1: SSH2_MSG_KEXINIT received
OF> debug1: kex: server->client aes128-cbc hmac-md5 none
OF> debug1: kex: client->server aes128-cbc hmac-md5 none
OF> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
OF> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
OF> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
OF> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
OF> Host key verification failed.
OF> debug1: Calling cleanup 0x8062d60(0x0)
OF> I don't quite understand... what could be wrong here.
OF> As root, ssh runs fine and logs in to the host.
Show me the permissions on /etc/ssh and /etc/ssh/* on the calling host...
Aha... I was just thinking about that too...
$ ls -ld /etc/ssh
drwxr-xr-x 2 root root 1024 Nov 13 2007 /etc/ssh
$ls -l /etc/ssh
total 98
-rw------- 1 root root 88039 Sep 28 2006 moduli
-rw-r--r-- 1 root root 1196 Jul 25 08:25 ssh_config
-rw------- 1 root root 672 Aug 16 2005 ssh_host_dsa_key
-rw-r--r-- 1 root root 590 Aug 16 2005 ssh_host_dsa_key.pub
-rw------- 1 root root 515 Aug 16 2005 ssh_host_key
-rw-r--r-- 1 root root 319 Aug 16 2005 ssh_host_key.pub
-rw------- 1 root root 883 Aug 16 2005 ssh_host_rsa_key
-rw-r--r-- 1 root root 210 Aug 16 2005 ssh_host_rsa_key.pub
-rw------- 1 root root 2492 Nov 13 2007 sshd_config
But everything seems to be in order here. I also read that you can use -vvv:
$ ssh -vvv [EMAIL PROTECTED]
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be
trusted.
debug2: ssh_connect: needpriv 0
debug1: Connecting to 1.2.3.4 [1.2.3.4] port 22.
debug1: Connection established.
debug1: identity file /home/sysop/.ssh/identity type -1
debug1: identity file /home/sysop/.ssh/id_rsa type -1
debug1: identity file /home/sysop/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version
OpenSSH_4.3p2 Debian-9etch2
debug1: match: OpenSSH_4.3p2 Debian-9etch2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED]
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED]
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit:
diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit:
hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[EMAIL PROTECTED]
debug2: kex_parse_kexinit: none,[EMAIL PROTECTED]
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 123/256
debug2: bits set: 1057/2048
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /home/sysop/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: filename /home/sysop/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug2: no key of type 0 for host 1.2.3.4
debug3: check_host_in_hostfile: filename /home/sysop/.ssh/known_hosts2
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts2
debug3: check_host_in_hostfile: filename /home/sysop/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug2: no key of type 2 for host 1.2.3.4
Host key verification failed.
debug1: Calling cleanup 0x8062d60(0x0)
But this still didn't clear up the situation for me :( ssh did not find the key
locally and makes no attempt to get it from the other side.
$ cat /etc/redhat-release
Red Hat Enterprise Linux AS release 3 (Taroon Update 8)
This is VPS hosting at Rusonyx. An old template, it doesn't get updated. Support
answers every question with:
"Move to the new template", but until it really hurts I'm too lazy, since I would
have to change the IP, and I have a
secondary DNS there. So for now I'm putting off the hassle; when the paid period
for the old one runs out, I'll move.
It doesn't really bother me much, but I'm still curious where the catch
might be.
Oleg.
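
An added example, not part of the original message: a small Python parser for the host-key portion of an `ssh -v`/`-vvv` client log like the one quoted above. The sample log is constructed from lines in the thread; the function name `diagnose_host_key` and the verdict labels are made up for this illustration, and the verdicts are heuristics based on messages the OpenSSH client prints.

```python
import re

# Constructed sample: tail of an `ssh -vvv` client log in the shape quoted in the thread.
SAMPLE_LOG = """\
debug3: check_host_in_hostfile: filename /home/sysop/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug2: no key of type 0 for host 1.2.3.4
debug3: check_host_in_hostfile: filename /home/sysop/.ssh/known_hosts2
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts2
debug2: no key of type 2 for host 1.2.3.4
Host key verification failed.
"""

HOSTFILE = re.compile(r"check_host_in_hostfile: filename (\S+)")
NO_KEY = re.compile(r"no key of type (\d+) for host (\S+)")

def diagnose_host_key(log_text):
    """Summarise the host-key lookup recorded in an ssh client debug log."""
    files, missing_types, host = [], [], None
    known = strict = changed = failed = False
    for line in log_text.splitlines():
        m = HOSTFILE.search(line)
        if m and m.group(1) not in files:
            files.append(m.group(1))      # keep first-seen order, drop repeats
        m = NO_KEY.search(line)
        if m:
            missing_types.append(int(m.group(1)))
            host = m.group(2)
        known |= "is known and matches" in line
        strict |= "you have requested strict checking" in line
        changed |= "HOST IDENTIFICATION HAS CHANGED" in line
        failed |= line.startswith("Host key verification failed")
    if known and not failed:
        verdict = "known"
    elif changed:
        verdict = "key-changed"               # stored key differs from the offered one
    elif failed and strict:
        verdict = "unknown-host-strict"       # strict checking refused a new host
    elif failed:
        verdict = "unknown-host-unconfirmed"  # new host, no yes/no answer was obtained
    else:
        verdict = "incomplete"
    return {"host": host, "files": files,
            "missing_types": missing_types, "verdict": verdict}

if __name__ == "__main__":
    print(diagnose_host_key(SAMPLE_LOG))
```

For the `unknown-host-unconfirmed` verdict the remedy is to add the server's key to one of the listed known_hosts files after checking its fingerprint out of band, rather than turning host key checking off.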