LinuxQuestions.org
Old 07-01-2010, 06:36 PM   #1
bluethumb
Member
 
Registered: Jan 2006
Distribution: RHEL 4, Scientific Linux, Centos, Ubuntu
Posts: 58

Rep: Reputation: 15
Peculiar behavior of ssh: hangups, changing host key


I installed Centos 5.5 on a new computer (SuperMicro H8DGU) yesterday. Some odd things happen sporadically when I connect to it by ssh from a terminal emulator. Mostly I use Van Dyke's SecureCRT on a Windows machine, but not exclusively.

1. Occasionally the connection drops, and when I log in again I'm told "The host key sent by the server is different from the host key stored in the host key database." Then it gives me the MD5 hash of the host key fingerprint. The odd thing is that this hash alternates between two different values! Just two!

I just ran ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub, and I recognize the output as one of the two hash values. The date on the file is yesterday afternoon, so that hasn't changed.

2. Sometimes there is an error message "Auth User/Pass with PS...fail...Please reconnect!." This is preceded by an "unspecified GSS error", if I remember correctly.

I'm using password authentication.

I can't find any relevant error messages in /var/log/secure, just "password accepted" and "end session" lines.

I have compared this machine to a similar machine (Scientific Linux 5.5) that works properly. The sshd_config files are identical. So are /etc/pam.d/sshd and /etc/pam.d/system_auth. In fact I haven't messed with anything in the sshd configuration.
Attached Files
File Type: txt sshd_config.txt (3.2 KB, 2 views)
 
Old 07-02-2010, 02:59 AM   #2
DrLove73
Senior Member
 
Registered: Sep 2009
Location: Srbobran, Serbia
Distribution: CentOS 5.5 i386 & x86_64
Posts: 1,118
Blog Entries: 1

Rep: Reputation: 129Reputation: 129
How have you assigned the IP for that system, static or via DHCP?

Also, is it possible that you have another system with the same IP (maybe as a secondary IP, so you missed it)?
 
Old 07-02-2010, 12:45 PM   #3
bluethumb
Member
 
Registered: Jan 2006
Distribution: RHEL 4, Scientific Linux, Centos, Ubuntu
Posts: 58

Original Poster
Rep: Reputation: 15
The IP is static.

I'm not sure about the possibility of another system with the same IP. The number was assigned by our network manager. Usually there's some sort of error message when there's a conflict like that, but I haven't seen anything.

While dredging through the logs, I found some error messages from avahi-daemon. The machine that works properly is not using it. I don't think we use it for anything. Could this be related to my problem? I shut it off, so maybe I'll get an answer in a few hours.
 
Old 07-02-2010, 12:48 PM   #4
DrLove73
Senior Member
 
Registered: Sep 2009
Location: Srbobran, Serbia
Distribution: CentOS 5.5 i386 & x86_64
Posts: 1,118
Blog Entries: 1

Rep: Reputation: 129Reputation: 129
Maybe some PC does use the same IP, who knows why. When you see a different ssh key, disconnect that PC from the network and try pinging its IP.

You can also take a look at the hostname of the "second ssh key" system, and look for files that are missing or should not be there (wherever you have access to files). You can also check the MAC addresses of the NICs and compare them (this can help to track it down if there really is another system with the same IP).

Last edited by DrLove73; 07-02-2010 at 12:51 PM.
 
Old 07-02-2010, 05:27 PM   #5
bluethumb
Member
 
Registered: Jan 2006
Distribution: RHEL 4, Scientific Linux, Centos, Ubuntu
Posts: 58

Original Poster
Rep: Reputation: 15
No luck so far. I disconnected the cable and pinged the address. Nothing answered.

Turning off avahi-daemon didn't help.

In my known-hosts file, the hostname of the "second ssh key" system is always the same. It's the one the DNS server gives for the IP address. I can't figure out a way to use the DSA signature to find a particular machine.
 
Old 07-03-2010, 03:11 AM   #6
DrLove73
Senior Member
 
Registered: Sep 2009
Location: Srbobran, Serbia
Distribution: CentOS 5.5 i386 & x86_64
Posts: 1,118
Blog Entries: 1

Rep: Reputation: 129Reputation: 129
Quote:
Originally Posted by bluethumb
"No luck so far. I disconnected the cable and pinged the address. Nothing answered."

You pinged it from a different system, right? Just checking.

Quote:
Originally Posted by bluethumb
"It's the one the DNS server gives for the IP address. I can't figure out a way to use the DSA signature to find particular machine."

I never said DSA signature or mentioned DNS server.

I said that when you are warned that the ssh key has changed for the host you are trying to log in to, accept and log in. Then look around for the hostname on the system you are logged in to and try to get the MAC address. You will need root privileges for this, or use some service that will show your MAC to some service you have on your network. That was my suggestion, to see if you are logging in to a different PC by any chance.
 
Old 07-03-2010, 07:05 PM   #7
bluethumb
Member
 
Registered: Jan 2006
Distribution: RHEL 4, Scientific Linux, Centos, Ubuntu
Posts: 58

Original Poster
Rep: Reputation: 15
Thanks. Now I understand what you meant.

Unfortunately I haven't been able to log in to the "extra" host. That must be the machine that gives me the "Auth User/Pass with PS...fail...Please reconnect!." messages. So far its identity remains a mystery.

At the suggestion of our network manager I switched the IP addresses and names of the new machine with an old one that works. It really begins to look like there's an extra machine using the new IP. The old machine with the new IP refused to start eth0 at boot time, saying that there's another machine using the address. That's pretty definitive. When I try to ssh to it, I get the "Auth User/Pass...." error, which it couldn't give with eth0 down.

The new machine with the old IP hasn't given any trouble yet, but it's only been a few minutes.

I will throw this to our network manager. Maybe his router logs will show the MAC of the machines that use the IP. Or maybe his records will show who had the IP before this week.
 
Old 07-04-2010, 02:16 PM   #8
DrLove73
Senior Member
 
Registered: Sep 2009
Location: Srbobran, Serbia
Distribution: CentOS 5.5 i386 & x86_64
Posts: 1,118
Blog Entries: 1

Rep: Reputation: 129Reputation: 129
Now that your ssh server system has a different IP, any PC/router can say the MAC of the culprit system.
Code:
ping <culprits IP>; arp <culprits IP>
should give you its MAC address.
 
Old 07-06-2010, 03:41 PM   #9
bluethumb
Member
 
Registered: Jan 2006
Distribution: RHEL 4, Scientific Linux, Centos, Ubuntu
Posts: 58

Original Poster
Rep: Reputation: 15
My part of the problem is solved. The network manager assigned a new IP address which has no interference from other machines. Using arp as you suggested, I found the hardware address and passed it on to him. Now it's his problem to track it down.
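
The ping-then-arp check from post #8, turned into a repeatable log that ties each host key fingerprint to the hardware address that served it. This is an added example, not part of the original thread; the function names are hypothetical, the sample data is constructed, and `observe` assumes a current OpenSSH client and iproute2 on a machine in the same subnet as the address being checked.

```shell
#!/bin/sh
# Added example, not from the thread. Observation line: "<ip> <mac> <fingerprint>".

# observe IP: take one live sample. Assumes a current OpenSSH client
# (ssh-keygen -E) and iproute2, run from a host on the same subnet as IP.
observe() {
    keys=$(mktemp) || return 1
    ssh-keyscan -T 5 "$1" > "$keys" 2>/dev/null
    # MD5 form, the fingerprint style quoted in the thread.
    fp=$(ssh-keygen -l -E md5 -f "$keys" 2>/dev/null | awk 'NR == 1 { print $2 }')
    rm -f "$keys"
    # The neighbour entry right after the connection names the MAC that answered.
    mac=$(ip neigh show "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "lladdr") print $(i + 1) }')
    printf '%s %s %s\n' "$1" "${mac:-unknown}" "${fp:-unknown}"
}

# duplicate_ips: stdin = observations; prints "<ip> <mac>,<mac>..." for every
# IP that was answered by more than one hardware address.
duplicate_ips() {
    awk '$2 != "unknown" { print $1, $2 }' | sort -u |
    awk '{ n[$1]++; m[$1] = (n[$1] > 1 ? m[$1] "," : "") $2 }
         END { for (ip in n) if (n[ip] > 1) print ip, m[ip] }' | sort
}

# keys_by_mac: stdin = observations; prints "<count> <mac> <fingerprint>" so
# each host key can be attributed to the MAC that presented it.
keys_by_mac() {
    awk '{ c[$2 " " $3]++ } END { for (k in c) print c[k], k }' | sort -k2
}

# Constructed sample: repeated polls of a documentation address with made-up
# MACs; FP_A and FP_B stand in for the two alternating MD5 fingerprints.
sample_observations() {
    cat <<'EOF'
192.0.2.10 02:00:00:00:00:01 FP_A
192.0.2.10 02:00:00:00:00:01 FP_A
192.0.2.10 02:00:00:00:00:02 FP_B
192.0.2.10 02:00:00:00:00:01 FP_A
192.0.2.10 02:00:00:00:00:02 FP_B
192.0.2.20 02:00:00:00:00:03 FP_C
EOF
}

sample_observations | duplicate_ips
sample_observations | keys_by_mac
```

For live data, append `observe <ip>` output to a file every minute or so and feed that file to the two summary functions; a second MAC paired with the unfamiliar fingerprint is the address to hand to the network manager.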
 
  

