LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 07-14-2011, 02:16 PM   #1
camorri
LQ Guru
 
Registered: Nov 2002
Location: Somewhere inside 9.9 million sq. km. Canada
Distribution: Slackware 14.1, 14.2
Posts: 5,190

Rep: Reputation: 526Reputation: 526Reputation: 526Reputation: 526Reputation: 526Reputation: 526
Can not ssh into Slack 13.37, 'Host key verification failed'.


I have spent two days trying to get this working. I have looked at many how-tos without success.

I have Slack 64 bit installed on my desktop, sshd is running. From my netbook running Ubuntu I can not connect through ssh, I always get 'Host key verification failed' message.

I have tried a lot of things, I got to a point where I could not ssh either way. So today I removed and re-installed Openssh on both systems.

I made sure I was using the new ssh_config and sshd_config files on both systems. Right now I can ssh from the desktop ( Slack ) to Ubuntu ( netbook ) but not the other way around.

I do not get a known_hosts file created on Slack, I do get one on Ubuntu.

I don't understand why Openssh server on Slack is not accessible, and why the known_hosts file is not getting created.

/var/log/packages show
Quote:
openssh-5.5p1-x86_64-1
is what I have installed.

Most of the suggestions I have found suggest deleting the entry for the remote host. Problem is it never gets created.

How do I go about fixing this?

This is a link to the last howto I followed, after the re-install of Openssh.

-->http://www.linuxquestions.org/questi...-linux-419680/

Last edited by camorri; 07-14-2011 at 02:18 PM. Reason: added info.
 
Old 07-14-2011, 02:38 PM   #2
SeRi@lDiE
Member
 
Registered: Jun 2006
Location: /dev/null
Distribution: Slackware 13.1, Slackware 13.37, aptosid, rhel
Posts: 542
Blog Entries: 7

Rep: Reputation: 55
Try


touch /home/user/.ssh/known_hosts

restart ssh

Also if you thinker with the sshd_config make sure your sshd_config is set back to default so you can narrow the issue down...
 
Old 07-14-2011, 07:25 PM   #3
willysr
Senior Member
 
Registered: Jul 2004
Location: Jogja, Indonesia
Distribution: Slackware-Current
Posts: 3,707

Rep: Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002
check your .ssh/known_hosts
probably there's a same IP address with your Slack machine, but it was a different machine, so it failed with the authentication process
the simplest way is to delete the entry and try to ssh again
 
Old 07-14-2011, 08:58 PM   #4
allend
Senior Member
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware-current
Posts: 4,693

Rep: Reputation: 1577Reputation: 1577Reputation: 1577Reputation: 1577Reputation: 1577Reputation: 1577Reputation: 1577Reputation: 1577Reputation: 1577Reputation: 1577Reputation: 1577
Is the sshd daemon running on the Slackware machine? (Check with 'ps ax | grep sshd').
From 'man sshd'
Quote:
/etc/ssh/ssh_host_key
/etc/ssh/ssh_host_dsa_key
/etc/ssh/ssh_host_ecdsa_key
/etc/ssh/ssh_host_rsa_key
These three files contain the private parts of the host keys. These files should only be owned by root, readable only by root, and not accessible to others. Note that sshd does not start if these files are group/world-accessible.
Check the permissions of these files are 0600.
 
Old 07-15-2011, 09:46 AM   #5
camorri
LQ Guru
 
Registered: Nov 2002
Location: Somewhere inside 9.9 million sq. km. Canada
Distribution: Slackware 14.1, 14.2
Posts: 5,190

Original Poster
Rep: Reputation: 526Reputation: 526Reputation: 526Reputation: 526Reputation: 526Reputation: 526
Well, no success. I have looked at each suggestion. Here is what I see.

allend.

The permissions on /etc/ssh.

Quote:
/etc/ssh# ls -l
total 204
drwxr-xr-x 2 root root 4096 Jul 14 10:32 ./
drwxr-xr-x 90 root root 12288 Jul 15 08:32 ../
-rw-r--r-- 1 root root 48 Jul 13 09:58 login_file
-rw-r--r-- 1 root root 125811 Jul 14 10:17 moduli
-rw-r--r-- 1 root root 1555 Jul 14 10:33 ssh_config
-rw-r--r-- 1 root root 1555 Jul 14 10:17 ssh_config.new
-rw-r--r-- 1 root root 1577 Jul 14 10:32 ssh_config.old
-rw------- 1 root root 668 Jul 13 08:12 ssh_host_dsa_key
-rw-r--r-- 1 root root 601 Jul 13 08:12 ssh_host_dsa_key.pub
-rw------- 1 root root 227 Jul 13 08:12 ssh_host_ecdsa_key
-rw-r--r-- 1 root root 173 Jul 13 08:12 ssh_host_ecdsa_key.pub
-rw------- 1 root root 976 Jul 13 08:12 ssh_host_key
-rw-r--r-- 1 root root 641 Jul 13 08:12 ssh_host_key.pub
-rw------- 1 root root 1679 Jul 14 13:58 ssh_host_rsa_key
-rw-r--r-- 1 root root 393 Jul 14 13:58 ssh_host_rsa_key.pub
-rw-r--r-- 1 root root 3207 Jul 14 10:24 sshd_config
-rw-r--r-- 1 root root 3207 Apr 29 2010 sshd_config.bak
-rw-r--r-- 1 root root 3207 Jul 14 10:17 sshd_config.new
-rw-r--r-- 1 root root 3582 Jul 14 10:23 sshd_config_old
Each .pub key has 600 for permissions. The rsa keys are being used.

Willysr.

The first few bytes of /home/myuser/.ssh/known_hosts.

Quote:
cat known_hosts
cliffs-mini,192.168.1.13 ssh-rsa
I can confirm this is the correct IP address for the client netbook, and the correct host name I have set. I also looked at the almost 400 characters in the .pub key, and they look identical. I can not spot any difference.

SeRi@lDiE

I tried several things. First of all, there was a known_hosts file. I could not connect. So I deleted the file, can created a new empty file with touch.

I tried to connect, it failed as before. It seems to take a few minutes for the pub key to appear in /home/myuser/.ssh/known_hosts ; it does show up. As I posted above, the host name and IP address are correct, and the almost 400 character .pub key matches with the client.

I still am stuck with 'Host key verification failed'. Stumped....
 
Old 07-15-2011, 10:50 AM   #6
audriusk
Member
 
Registered: Mar 2011
Location: Klaipėda, Lithuania
Distribution: Slackware
Posts: 340

Rep: Reputation: 181Reputation: 181
Instead of guessing, you should start by adding -v (verbose) option to ssh command to see what it's doing when you try to connect from your Ubuntu box to Slackware one. You can add up to three v's to increase verbosity, though I suggest to use single -v at first so you won't be swamped with details.
 
Old 07-15-2011, 11:19 AM   #7
willysr
Senior Member
 
Registered: Jul 2004
Location: Jogja, Indonesia
Distribution: Slackware-Current
Posts: 3,707

Rep: Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002
have you make sure that the openssh daemon has been started?
check /etc/rc.d/rc.sshd permission. It should have execute permission
 
Old 07-15-2011, 11:59 AM   #8
camorri
LQ Guru
 
Registered: Nov 2002
Location: Somewhere inside 9.9 million sq. km. Canada
Distribution: Slackware 14.1, 14.2
Posts: 5,190

Original Poster
Rep: Reputation: 526Reputation: 526Reputation: 526Reputation: 526Reputation: 526Reputation: 526
A single -v produced this:

Quote:
ssh cliff@duelie -v
OpenSSH_5.3p1 Debian-3ubuntu6, OpenSSL 0.9.8k 25 Mar 2009
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to duelie [192.168.1.26] port 22.
debug1: Connection established.
debug1: identity file /home/cliff/.ssh/identity type -1
debug1: identity file /home/cliff/.ssh/id_rsa type -1
debug1: identity file /home/cliff/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.5
debug1: match: OpenSSH_5.5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu6
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
Host key verification failed.
Does this help? I'll post -vv if it is needed.

Yes, sshd is running. I verified that with 'ps aux | grep sshd'.
 
Old 07-15-2011, 12:36 PM   #9
allend
Senior Member
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware-current
Posts: 4,693

Rep: Reputation: 1577Reputation: 1577Reputation: 1577Reputation: 1577Reputation: 1577Reputation: 1577Reputation: 1577Reputation: 1577Reputation: 1577Reputation: 1577Reputation: 1577
Try explicitly specifying the use of rsa in /etc/ssh/sshd_config on the Slackware machine and turning off other key types.
Quote:
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
 
Old 07-15-2011, 01:12 PM   #10
camorri
LQ Guru
 
Registered: Nov 2002
Location: Somewhere inside 9.9 million sq. km. Canada
Distribution: Slackware 14.1, 14.2
Posts: 5,190

Original Poster
Rep: Reputation: 526Reputation: 526Reputation: 526Reputation: 526Reputation: 526Reputation: 526
allend,

Tried the rsa key as you suggested, no change. I also put the # back, and tried the dsa key without the #. Didn't make any difference.
 
Old 07-15-2011, 01:54 PM   #11
camorri
LQ Guru
 
Registered: Nov 2002
Location: Somewhere inside 9.9 million sq. km. Canada
Distribution: Slackware 14.1, 14.2
Posts: 5,190

Original Poster
Rep: Reputation: 526Reputation: 526Reputation: 526Reputation: 526Reputation: 526Reputation: 526
I have found a work around. I copied the ssh_config file from slackware 13.37 and put it on the netbook. I just tested it, and I go connected. So, I'm concluding there is something in the original ssh_config file that came with Ubuntu sshd on slack doesn't like.

What gave me the clew, I dug out an old desktop, put it together, and tried it. Once I got past the the immediate disconnect caused by the hosts.allow file, I got connected to Slackware 13.37. At that point I was sure it had more to do with the Ubuntu netbook config than with sshd on slack.

Now to set up user keys.

Thank-you for all those who responded. Each one of you got me a little closer to a solution.
 
Old 07-15-2011, 01:56 PM   #12
audriusk
Member
 
Registered: Mar 2011
Location: Klaipėda, Lithuania
Distribution: Slackware
Posts: 340

Rep: Reputation: 181Reputation: 181
Hmm, this is puzzling. If I understand it correctly, the client fails while trying to verify host key which it should have got from the server. I'm not sure if more verbose output from ssh client would help here, because the last few lines from your output stay mostly the same for me and, if successful, I immediately get the following:
Code:
debug1: Server host key: RSA xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
The authenticity of host '192.168.0.1 (192.168.0.1)' can't be established.
RSA key fingerprint is xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.
Are you sure you want to continue connecting (yes/no)?
I've googled someone who had similar problem, and he solved it by regenerating host keys. Here's the link: http://stackoverflow.com/questions/5...e-clients-only

Not sure if that would help in your case, but the easiest way to regenerate keys in Slackware is to remove key files from /etc/ssh completely and restart sshd by running /etc/rc.d/rc.sshd restart

Edit: Oops, a little too late with my answer... Glad that you solved your problem!

Last edited by audriusk; 07-15-2011 at 02:00 PM.
 
Old 07-15-2011, 02:20 PM   #13
camorri
LQ Guru
 
Registered: Nov 2002
Location: Somewhere inside 9.9 million sq. km. Canada
Distribution: Slackware 14.1, 14.2
Posts: 5,190

Original Poster
Rep: Reputation: 526Reputation: 526Reputation: 526Reputation: 526Reputation: 526Reputation: 526
In the interest of helping someone else, here are the lines form the original ssh_config file that came with ssh on Ubuntu 10.04.

Quote:
Host *
# ForwardAgent no
# ForwardX11 no
# ForwardX11Trusted yes
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
# HostbasedAuthentication no
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# GSSAPIKeyExchange no
# GSSAPITrustDNS no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/identity
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# Port 22
# Protocol 2,1
# Cipher 3des
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
# VisualHostKey no
SendEnv LANG LC_*
HashKnownHosts yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials no
BatchMode yes
I don't pretend to know or understand why this file caused the problems I had. I compared this config to the one from slack ssh, the the most obvious difference I saw were the last five lines. I did't add these, they were there after I did a un-install and then install of the ssh client and ssh server form Ubuntu repos.
 
Old 07-15-2011, 02:37 PM   #14
audriusk
Member
 
Registered: Mar 2011
Location: Klaipėda, Lithuania
Distribution: Slackware
Posts: 340

Rep: Reputation: 181Reputation: 181
Looks like BatchMode was the culprit here:

Quote:
If set to “yes”, passphrase/password querying will be disabled. This option is useful in scripts and other batch jobs where no user is present to supply the password. The argument must be “yes” or “no”. The default is “no”.
I've tried it by adding BatchMode yes to ~/.ssh/config and commenting the line of my router in ~/.ssh/known_hosts and got this infamous "Host key verification failed." message.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Host key verification failed brownie_cookie Linux - Newbie 2 03-29-2011 07:56 AM
using SSH in PHP invokes 'Host Key Verification Failed' error chuafengru Programming 3 10-01-2010 02:26 PM
scp - Host key verification failed. Hellbike Linux - Server 2 05-30-2010 04:16 AM
Ssh problem: Host key verification failed redfeet Linux - Server 3 02-11-2010 12:39 PM
to 2.6.10 from 2.4.26 | ssh client | Host key verification failed kaN5300 Slackware 6 01-05-2005 11:04 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 04:20 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration