Bug#246273: marked as done ("Host key verification failed." for new hosts)
Your message dated Wed, 28 Apr 2004 17:55:40 +0100
with message-id <20040428165540.GA26483@riva.ucam.org>
and subject line Bug#246273: clues
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 28 Apr 2004 06:56:25 +0000
>From jeffb@vulcan.com Tue Apr 27 23:56:25 2004
Return-path: <jeffb@vulcan.com>
Received: from houseofdistraction.com [206.63.251.121]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1BIizY-0001e1-00; Tue, 27 Apr 2004 23:56:25 -0700
Received: from (weasel) [216.220.193.132]
by houseofdistraction.com with esmtp (Exim 3.35 #1 (Debian))
id 1BIizU-00041E-00; Tue, 27 Apr 2004 23:56:20 -0700
Received: from jeffb by weasel with local (Exim 4.32)
id 1BIiyy-0001nC-0w; Tue, 27 Apr 2004 23:55:48 -0700
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Jeff <jeffb@vulcan.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: "Host key verification failed." for new hosts
X-Mailer: reportbug 2.58
Date: Tue, 27 Apr 2004 23:55:48 -0700
Message-Id: <[🔎] E1BIiyy-0001nC-0w@weasel>
Sender: Debian User <jeffb@darwin.corp.vnw.com>
X-BadReturnPath: jeffb@darwin.corp.vnw.com rewritten as jeffb@vulcan.com
using "From" header
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-7.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level:
X-CrossAssassin-Score: 1
Package: ssh
Version: 1:3.8p1-3
Severity: normal
Since upgrading I get "Host key verification failed." for hosts which are
not listed in ~/.ssh/known_hosts. In the past it would prompt me and add
new hosts to this file but this doesn't seem to happen anymore.
The above is only for normal user accounts. Everything seems to work as it
used to when using ssh as root.
Here's the output of ssh -v -v -v for a failed session:
OpenSSH_3.8p1 Debian 1:3.8p1-3, SSH protocols 1.5/2.0, OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to kaukau [10.0.107.23] port 22.
debug1: Connection established.
debug1: identity file /home/jeffb/.ssh/identity type -1
debug1: identity file /home/jeffb/.ssh/id_rsa type -1
debug1: identity file /home/jeffb/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.1p1
debug1: match: OpenSSH_3.1p1 pat OpenSSH_2.*,OpenSSH_3.0*,OpenSSH_3.1*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8p1 Debian 1:3.8p1-3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 130/256
debug2: bits set: 534/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /home/jeffb/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: filename /home/jeffb/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: filename /home/jeffb/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug2: no key of type 0 for host kaukau
debug3: check_host_in_hostfile: filename /home/jeffb/.ssh/known_hosts2
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts2
debug3: check_host_in_hostfile: filename /home/jeffb/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug2: no key of type 2 for host kaukau
Host key verification failed.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.5-1-686
Locale: LANG=C, LC_CTYPE=C
Versions of packages ssh depends on:
ii adduser 3.52 Add and remove users and groups
ii debconf 1.4.24 Debian configuration management sy
ii dpkg 1.10.21 Package maintenance system for Deb
ii libc6 2.3.2.ds1-12 GNU C Library: Shared libraries an
ii libpam-modules 0.76-19 Pluggable Authentication Modules f
ii libpam-runtime 0.76-19 Runtime support for the PAM librar
ii libpam0g 0.76-19 Pluggable Authentication Modules l
ii libssl0.9.7 0.9.7d-1 SSL shared libraries
ii libwrap0 7.6.dbs-2 Wietse Venema's TCP wrappers libra
ii zlib1g 1:1.2.1-5 compression library - runtime
-- debconf information:
* ssh/privsep_tell:
ssh/insecure_rshd:
ssh/privsep_ask: true
ssh/ssh2_keys_merged:
ssh/user_environment_tell:
* ssh/forward_warning:
ssh/insecure_telnetd:
ssh/new_config: true
* ssh/use_old_init_script: true
* ssh/protocol2_only: true
ssh/encrypted_host_key_but_no_keygen:
* ssh/run_sshd: true
* ssh/SUID_client: true
---------------------------------------
Received: (at 246273-done) by bugs.debian.org; 28 Apr 2004 16:55:44 +0000
>From cjwatson@flatline.org.uk Wed Apr 28 09:55:44 2004
Return-path: <cjwatson@flatline.org.uk>
Received: from chiark.greenend.org.uk [193.201.200.170] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1BIsLY-0006Dw-00; Wed, 28 Apr 2004 09:55:44 -0700
Received: from [192.168.124.112] (helo=riva.lab.dotat.at)
by chiark.greenend.org.uk (Debian Exim 3.35 #1) with esmtp
for 246273-done@bugs.debian.org
id 1BIsLW-0003VC-00; Wed, 28 Apr 2004 17:55:42 +0100
Received: from cjwatson by riva.lab.dotat.at with local (Exim 3.35 #1 (Debian))
for 246273-done@bugs.debian.org
id 1BIsLU-0006uj-00; Wed, 28 Apr 2004 17:55:40 +0100
Date: Wed, 28 Apr 2004 17:55:40 +0100
From: Colin Watson <cjwatson@debian.org>
To: 246273-done@bugs.debian.org
Subject: Re: Bug#246273: clues
Message-ID: <20040428165540.GA26483@riva.ucam.org>
References: <[🔎] 408FD5A6.6020007@vulcan.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <[🔎] 408FD5A6.6020007@vulcan.com>
User-Agent: Mutt/1.3.28i
Delivered-To: 246273-done@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-5.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level:
X-CrossAssassin-Score: 1
On Wed, Apr 28, 2004 at 09:02:46AM -0700, Jeff Bowden wrote:
> Apparently ssh *really* wants to us ssh-askpass now. I don't see
> anything in /usr/share/doc/ssh or /etc/ssh to indicate this so I'm
> guessing it somehow got built with a new default?
>
> ...
>
> I just tested on another similarly configured machine and the problem
> doesn't exist there. The only differences in /etc/ssh between the two
> machines are the host keys. /etc/default/ssh and /etc/pam.d/ssh are
> also identical between the two machines.
>
> I tried creating a new user account 'test' on the afflicted machine and
> even after su - test, ssh fails from that account in the same way.
>
> I tried purging and reinstalling ssh. No dice.
>
> Clearly there must be some weird interaction with something else on the
> system. If I knew what was causing it, I would file a bug against it :-)
It's makedev. Upgrade that package to version 2.3.1-69.
Cheers,
--
Colin Watson [cjwatson@flatline.org.uk]
Reply to: