Problems with SSH Upgrade

To: debian-security@lists.debian.org
Cc: security@debian.org
Subject: Problems with SSH Upgrade
From: Hendrik Naumann <hn75@gmx.de>
Date: Wed, 26 Jun 2002 13:37:01 +0200
Message-id: <[🔎] psnITB.A.P3F.MeaG9@murphy>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi

Firts: the potato upgrade works perfectly for me.

But I upgraded a woodybox (kernel 2.4.18-686) to
ssh_1%3a3.3p1-0.0woody4_i386.deb .

When restarting sshd by the init script the following error message 
is droped

Disabling protocol version 2. Could not load host key
Restarting OpenBSD Secure Shell server: sshdDisabling protocol 
version 2. Could not load host key

Reading man sshd all key files needed are generated
ls -la /etc/ssh gives
- -rw-r--r--    1 root     root         1114 Jun 24 21:34 ssh_config
- -rw-r--r--    1 root     root          893 Jul 17  2001 
ssh_config.dpkg-old
- -rw-------    1 root     root          668 Jul 17  2001 
ssh_host_dsa_key
- -rw-r--r--    1 root     root          602 Jul 17  2001 
ssh_host_dsa_key.pub
- -rw-------    1 root     root          527 Jun 26 06:25 ssh_host_key
- -rw-r--r--    1 root     root          331 Jul 17  2001 
ssh_host_key.pub
- -rw-------    1 root     root          883 Mar 10 22:48 
ssh_host_rsa_key
- -rw-r--r--    1 root     root          222 Mar 10 22:48 
ssh_host_rsa_key.pub
- -rw-r--r--    1 root     root         1271 Jul 17  2001 sshd_config

I can still connect to the machine via ssh protocol 1, but forcing 
protocol 2 gives:
ssh -2 hostname
Protocol major versions differ: 2 vs. 1

I tried to generate new keys using
cd  
ssh-keygen -f /etc/ssh/ssh_host_rsa_key -t rsa -N ''
ssh-keygen -f /etc/ssh/ssh_host_dsa_key -t dsa -N ''

But this also didn't help. 

Any hints? I also attachted the sshd_conf file. 

Thanks Hendrik


- -- 
PGP ID 21F0AC0265C92061
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.3 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9GadmIfCsAmXJIGERAjbuAJ0VV+3/MnUKHMeOUaxv1rDOpiqXoACfTdPo
Nn8yQiykaQZOGOGuHE5VmLI=
=rTmT
-----END PGP SIGNATURE-----

# This is ssh server systemwide configuration file.

Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
HostKey /etc/ssh/ssh_host_key
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin yes
#
# Don't read ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd yes
KeepAlive yes

# Logging
SyslogFacility AUTH
LogLevel INFO
#obsoletes QuietMode and FascistLogging

RhostsAuthentication no
#
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
RhostsRSAAuthentication no
#
RSAAuthentication yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no
# Uncomment to disable s/key passwords
#SkeyAuthentication no
#KbdInteractiveAuthentication yes

# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no

# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes

#CheckMail no
#UseLogin no

# Uncomment if you want to enable sftp
#Subsystem      sftp    /usr/lib/sftp-server
#MaxStartups 10:30:60

Reply to:

Prev by Date: Re: DSA-134-1
Next by Date: Re: DSA-134-1
Previous by thread: Re: non-us.debian.org is down
Next by thread: Re: Problems with SSH Upgrade
Index(es):
- Date
- Thread