Bug#231485: marked as done (Dies with hash mismatch error before login)

To: Colin Watson <cjwatson@debian.org>
Cc: Matthew Vernon <matthew@debian.org>
Subject: Bug#231485: marked as done (Dies with hash mismatch error before login)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Sun, 22 Feb 2004 10:03:09 -0800
Message-id: <[🔎] handler.231485.D231485.10774720725276.ackdone@bugs.debian.org>
In-reply-to: <20040222174749.GB1801@riva.ucam.org>
References: <20040222174749.GB1801@riva.ucam.org> <[🔎] 200402062138.43499.svf@mssl.ucl.ac.uk>

Your message dated Sun, 22 Feb 2004 17:47:49 +0000
with message-id <20040222174749.GB1801@riva.ucam.org>
and subject line Bug#231485: Dies with hash mismatch error before login
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 6 Feb 2004 21:34:09 +0000
>From svf@mssl.ucl.ac.uk Fri Feb 06 13:34:09 2004
Return-path: <svf@mssl.ucl.ac.uk>
Received: from mssltz.mssl.ucl.ac.uk [128.40.71.165] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1ApDc0-0002Ae-00; Fri, 06 Feb 2004 13:34:08 -0800
Received: from msslwc.mssl.ucl.ac.uk (sfuerst@msslwc.mssl.ucl.ac.uk [128.40.71.228])
	by mssltz.mssl.ucl.ac.uk (8.12.10/8.12.10) with ESMTP id i16LXWnE019865
	for <submit@bugs.debian.org>; Fri, 6 Feb 2004 21:33:32 GMT
From: Steven Fuerst <svf@mssl.ucl.ac.uk>
To: submit@bugs.debian.org
Subject: Dies with hash mismatch error before login
Date: Fri, 6 Feb 2004 21:38:43 +0000
User-Agent: KMail/1.5.4
MIME-Version: 1.0
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <[🔎] 200402062138.43499.svf@mssl.ucl.ac.uk>
X-MSSL-MailScanner-Information: Please contact the ISP for more information
X-MSSL-MailScanner: No virus found
X-MSSL-MailScanner-SpamCheck: not spam, SpamAssassin (score=-4.9, required 5,
	BAYES_00 -4.90)
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_02_01 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-5.0 required=4.0 tests=HAS_PACKAGE autolearn=no 
	version=2.60-bugs.debian.org_2004_02_01
X-Spam-Level: 

Package: ssh
Version: 1:3.6.1p2-11
Severity: grave
Tags: sid

ssh cannot be used to log into other machines or forward ports.  I have tried 
to connect to several machines running Tru64 Unix and linux, all failing with 
the following error message before the login prompt is reached:

hash mismatch
key_verify failed for server_host_key

This was working a couple of weeks ago.  Unfortunately, I did a mass update 
since then, so pointing out exactly when this problem occured will be 
difficult.

Here is a debug log:
ssh -v -v msslah
OpenSSH_3.6.1p2 Debian 1:3.6.1p2-11, SSH protocols 1.5/2.0, OpenSSL 0x0090703f
debug1: Reading configuration data /home/sfuerst/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug2: ssh_connect: needpriv 0
debug1: Connecting to msslah [128.40.71.159] port 22.
debug1: Connection established.
debug1: identity file /home/sfuerst/.ssh/identity type 0
debug1: identity file /home/sfuerst/.ssh/id_rsa type -1
debug1: identity file /home/sfuerst/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.0.2p1
debug1: match: OpenSSH_3.0.2p1 pat OpenSSH_2.*,OpenSSH_3.0*,OpenSSH_3.1*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2 Debian 1:3.6.1p2-11
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: 
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: 
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: 
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: 
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: 
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: 
diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: 
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: 
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: 
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: 
hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 132/256
debug2: bits set: 1579/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug2: key_type_from_name: unknown key type '1024'
debug2: key_type_from_name: unknown key type '1024'
debug1: Host 'msslah' is known and matches the RSA host key.
debug1: Found key in /home/sfuerst/.ssh/known_hosts:8
debug2: bits set: 1585/3191
hash mismatch
debug1: ssh_rsa_verify: signature incorrect
key_verify failed for server_host_key
debug1: Calling cleanup 0x80623b0(0x0)

---------------------------------------
Received: (at 231485-done) by bugs.debian.org; 22 Feb 2004 17:47:52 +0000
>From cjwatson@flatline.org.uk Sun Feb 22 09:47:52 2004
Return-path: <cjwatson@flatline.org.uk>
Received: from chiark.greenend.org.uk [193.201.200.170] (mail)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1Auxhn-0001Mv-00; Sun, 22 Feb 2004 09:47:51 -0800
Received: from [192.168.124.112] (helo=riva.lab.dotat.at)
	by chiark.greenend.org.uk (Debian Exim 3.35 #1) with esmtp
	for 231485-done@bugs.debian.org
	id 1Auxhl-0000D5-00; Sun, 22 Feb 2004 17:47:49 +0000
Received: from cjwatson by riva.lab.dotat.at with local (Exim 3.35 #1 (Debian))
	for 231485-done@bugs.debian.org
	id 1Auxhl-0000Vd-00; Sun, 22 Feb 2004 17:47:49 +0000
Date: Sun, 22 Feb 2004 17:47:49 +0000
From: Colin Watson <cjwatson@debian.org>
To: 231485-done@bugs.debian.org
Subject: Re: Bug#231485: Dies with hash mismatch error before login
Message-ID: <20040222174749.GB1801@riva.ucam.org>
References: <[🔎] 200402062138.43499.svf@mssl.ucl.ac.uk> <[🔎] 20040209144641.GA8450@riva.ucam.org> <[🔎] 200402141334.21937.svf@mssl.ucl.ac.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <[🔎] 200402141334.21937.svf@mssl.ucl.ac.uk>
User-Agent: Mutt/1.3.28i
Delivered-To: 231485-done@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_02_22 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-3.0 required=4.0 tests=HAS_BUG_NUMBER autolearn=no 
	version=2.60-bugs.debian.org_2004_02_22
X-Spam-Level: 

On Sat, Feb 14, 2004 at 01:34:21PM +0000, Steven Fuerst wrote:
> On Monday 09 Feb 2004 2:46 pm, Colin Watson wrote:
> > On Fri, Feb 06, 2004 at 09:38:43PM +0000, Steven Fuerst wrote:
> > > I have tried to connect to several machines running Tru64 Unix and
> > > linux, all failing with the following error message before the login
> > > prompt is reached:
> > >
> > > hash mismatch
> > > key_verify failed for server_host_key
> >
> > This is going to be difficult to debug. Is there any way you can set up
> > an environment that I can attempt to connect to and check? The host key
> > check happens before authentication, so I wouldn't need an account.
> 
> Upgrading to kernel 2.6.2 fixed the problem.  I'm not sure why (possibly 
> libc??), but it is fixed now.  You can probably close this bug.

Strange - but thanks for getting back to us. Closing, then.

Regards,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]

Reply to:

References:
- Bug#231485: Dies with hash mismatch error before login
  - From: Steven Fuerst <svf@mssl.ucl.ac.uk>

Prev by Date: Bug#219377: Debian bug #219377: further info
Next by Date: Bug#73611: (no subject)
Previous by thread: Bug#231485: Dies with hash mismatch error before login
Next by thread: Bug#171673: Debian bugs 15903, 171673, 214706 believed fixed upstream
Index(es):
- Date
- Thread