Re: Can't get past authenticity of host popup with ssh

To: Debian User List <debian-user@lists.debian.org>
Cc: "Boylan, Ross" <ross.boylan@ucsf.edu>
Subject: Re: Can't get past authenticity of host popup with ssh
From: Ross Boylan <rossboylan@stanfordalumni.org>
Date: Fri, 27 Feb 2015 11:30:05 -0800
Message-id: <[🔎] CAK3NTRCbcfGVvgpyK3AaAi-CaqB_HkcTFL10OfT4pouN0OJdNA@mail.gmail.com>
In-reply-to: <[🔎] CAK3NTRDGeWSP6+zyVnx8PzHon+ArM6GPJFw-1xX+dUxkEy7OJg@mail.gmail.com>
References: <[🔎] CAK3NTRDGeWSP6+zyVnx8PzHon+ArM6GPJFw-1xX+dUxkEy7OJg@mail.gmail.com>

By using su instead of sux I eliminated the popup and got past the
host verification.  Now that root on A has B in the known_hosts file I
can connect from the sux session as well.

I still do not understand where the popup came from and why it didn't
work.  Here's some more info on what ssh was doing during the failed
connection:

debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA 14:d2:cd:ea:d3:a0:82:5b:25:b8:8d:00:ad:c5:54:68
debug1: checking without port identifier
debug1: read_passphrase: can't open /dev/tty: No such device or address
debug1: permanently_drop_suid: 0
Host key verification failed.

I think the popup happened after the last debug line above.
Ross

On Fri, Feb 27, 2015 at 11:10 AM, Ross Boylan
<rossboylan@stanfordalumni.org> wrote:
> I can ssh from machine A to B as user ross on both, using key-based
> login.  ssh-agent is running under KDE on A.  A is Debian wheezy, B is
> Debian squeeze.
>
> However, when I do the following sequence on A:
> sux  # change to root with X credentials
> ssh -i /home/ross/.ssh/id_rsa ross@B
>
> A window pops up with the message "The authenticity of host 'xxx'
> can't be established.
> RSA key fingerprint is YYY.
> Are you sure you want to continue connecting (yes/no)?
> The title is "OpenSSH Authentication Passphrase Request" and it has 2
> buttons, "OK" and "Cancel".
> When I click OK I get a message, in my original terminal,
> Host key verification failed.
>
> Clicking cancel doesn't change the result.  Operating in a shell from
> which I have unset DISPLAY and the SSH_AGENT variables doesn't change
> the result (there's no popup, just an immediate verification failure).
>
> I would be very grateful if anyone could explain what's going and what
> I can do to get past this.  I have checked permissions of the relevant
> files for ross and root on A, and they appear to be in order.  On A,
> root's .ssh/ has only a known_hosts file.
>
> I have never encountered this popup before; I have only seen the "Are
> you sure you want to continue connecting" in the same terminal from
> which I ran ssh, and I can reply on the command line.  I don't know
> where the popup is coming from.
>
> My speculation is that because of the popup all my responses are taken
> as "No" for continuing connecting.
>
> I have to run as root for sshuttle.
>
> Thanks.
> Ross Boylan

Reply to:

Follow-Ups:
- Re: Can't get past authenticity of host popup with ssh
  - From: Bob Proulx <bob@proulx.com>

References:
- Can't get past authenticity of host popup with ssh
  - From: Ross Boylan <rossboylan@stanfordalumni.org>

Prev by Date: Can't get past authenticity of host popup with ssh
Next by Date: Re: debian 8 Kmail IMAP funktioniert nach einiger Zeit nicht mehr, Rechner muss neu gestartet werden
Previous by thread: Can't get past authenticity of host popup with ssh
Next by thread: Re: Can't get past authenticity of host popup with ssh
Index(es):
- Date
- Thread