
Re: Forwarding port 22 and "Host key verification failed"



Artem Chuprina writes:
Oleg Frolkov -> debian-russian@lists.debian.org  @ Fri, 25 Jul 2008 08:33:10 +0400:

 OF> anyway, the fault is still on the calling host, something with ssh. As a
 OF> regular user it says:

 OF> ssh -v user@1.2.3.4
 OF> -----------------------------
 OF> OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
 OF> debug1: Reading configuration data /etc/ssh/ssh_config
 OF> debug1: Applying options for *
 OF> debug1: Rhosts Authentication disabled, originating port will not be trusted.
 OF> debug1: Connecting to 1.2.3.4 [1.2.3.4] port 22.
 OF> debug1: Connection established.
 OF> debug1: identity file /home/sysop/.ssh/identity type -1
 OF> debug1: identity file /home/sysop/.ssh/id_rsa type -1
 OF> debug1: identity file /home/sysop/.ssh/id_dsa type -1
 OF> debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2
 OF> Debian-9etch2
 OF> debug1: match: OpenSSH_4.3p2 Debian-9etch2 pat OpenSSH*
 OF> debug1: Enabling compatibility mode for protocol 2.0
 OF> debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
 OF> debug1: SSH2_MSG_KEXINIT sent
 OF> debug1: SSH2_MSG_KEXINIT received
 OF> debug1: kex: server->client aes128-cbc hmac-md5 none
 OF> debug1: kex: client->server aes128-cbc hmac-md5 none
 OF> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
 OF> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
 OF> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
 OF> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
 OF> Host key verification failed.
 OF> debug1: Calling cleanup 0x8062d60(0x0)

 OF> I don't quite understand.... what could be going on here.
 OF> As root, ssh runs fine and logs in to the host.

Show me the permissions on /etc/ssh and /etc/ssh/* on the calling host...


Aha.... I was just thinking about that too....

$ ls -ld /etc/ssh
drwxr-xr-x    2 root     root         1024 Nov 13  2007 /etc/ssh

$ls -l /etc/ssh
total 98
-rw-------    1 root     root        88039 Sep 28  2006 moduli
-rw-r--r--    1 root     root         1196 Jul 25 08:25 ssh_config
-rw-------    1 root     root          672 Aug 16  2005 ssh_host_dsa_key
-rw-r--r--    1 root     root          590 Aug 16  2005 ssh_host_dsa_key.pub
-rw-------    1 root     root          515 Aug 16  2005 ssh_host_key
-rw-r--r--    1 root     root          319 Aug 16  2005 ssh_host_key.pub
-rw-------    1 root     root          883 Aug 16  2005 ssh_host_rsa_key
-rw-r--r--    1 root     root          210 Aug 16  2005 ssh_host_rsa_key.pub
-rw-------    1 root     root         2492 Nov 13  2007 sshd_config

But everything seems to be fine here. I also read that you can use -vvv:

$ ssh -vvv user@1.2.3.4
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug2: ssh_connect: needpriv 0
debug1: Connecting to 1.2.3.4 [1.2.3.4] port 22.
debug1: Connection established.
debug1: identity file /home/sysop/.ssh/identity type -1
debug1: identity file /home/sysop/.ssh/id_rsa type -1
debug1: identity file /home/sysop/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.3p2 Debian-9etch2
debug1: match: OpenSSH_4.3p2 Debian-9etch2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 123/256
debug2: bits set: 1057/2048
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /home/sysop/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: filename /home/sysop/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug2: no key of type 0 for host 1.2.3.4
debug3: check_host_in_hostfile: filename /home/sysop/.ssh/known_hosts2
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts2
debug3: check_host_in_hostfile: filename /home/sysop/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug2: no key of type 2 for host 1.2.3.4
Host key verification failed.
debug1: Calling cleanup 0x8062d60(0x0)


But this still hasn't cleared things up for me :( ssh did not find the key locally and makes no attempt to get it from the other side.

$ cat /etc/redhat-release
Red Hat Enterprise Linux AS release 3 (Taroon Update 8)

This is VPS hosting at Rusonyx. An old template that doesn't get updates. Support answers every question with "Move to the new template", but until it becomes pressing I can't be bothered: I'd have to change the IP, and I have a secondary DNS there. So for now I'm putting off the hassle; when the paid period for the old one runs out, I'll move.

It doesn't really bother me much, but I'm still curious where the catch might be.

Oleg.
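
Added example, not part of the original message: a small Python triage of `ssh -vvv` output that separates "host not in any known_hosts file" from "stored key changed", which matters when port 22 is forwarded to another machine. The function name `summarize_hostkey_check` is hypothetical, the sample log is constructed from the lines quoted above, and the numeric key-type mapping is an assumption based on the enum order in OpenSSH 3.x `key.h`.

```python
import re

# Constructed sample: host-key lines taken from the `ssh -vvv` output quoted above.
SAMPLE_LOG = """\
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /home/sysop/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug2: no key of type 0 for host 1.2.3.4
debug3: check_host_in_hostfile: filename /home/sysop/.ssh/known_hosts2
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts2
debug2: no key of type 2 for host 1.2.3.4
Host key verification failed.
"""

# Assumption: numeric key types follow the enum order of OpenSSH 3.x key.h.
KEY_TYPES = {0: "rsa1", 1: "rsa", 2: "dsa"}
FILE_RE = re.compile(r"debug3: check_host_in_hostfile: filename (\S+)")
MISS_RE = re.compile(r"debug2: no key of type (\d+) for host (\S+)")

def summarize_hostkey_check(log):
    """Classify how the client's host key check ended, from its debug output."""
    files, missing, host = [], [], None
    matched = changed = failed = False
    for line in log.splitlines():
        m = FILE_RE.search(line)
        if m and m.group(1) not in files:
            files.append(m.group(1))          # known_hosts files consulted, in order
        m = MISS_RE.search(line)
        if m:
            host = m.group(2)
            missing.append(KEY_TYPES.get(int(m.group(1)), m.group(1)))
        matched |= "is known and matches" in line
        changed |= "REMOTE HOST IDENTIFICATION HAS CHANGED" in line
        failed |= "Host key verification failed" in line
    if changed:
        verdict = "changed"        # stored key differs from the key offered
    elif failed and not matched:
        verdict = "unknown"        # no stored key, and the offered key was not accepted
    elif matched:
        verdict = "match"
    else:
        verdict = "undetermined"
    return {"host": host, "files": files, "missing": missing, "verdict": verdict}

if __name__ == "__main__":
    print(summarize_hostkey_check(SAMPLE_LOG))
```
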

