key_verify failed for server_host_key from Solaris 2.7 to non-Solaris hosts

Marcus Stoegbauer stoegbauer at hrz.tu-darmstadt.de
Fri Apr 27 19:00:00 EST 2001


Hi,

I am using OpenSSH 2.5.2p2 on Solaris 2.7 (Ultra 10) with 64-bit support and
have the following problem when connecting with the ssh2 protocol to a
non-Solaris OS:
On the client side, I do:
/local/work/lysis/bin/slogin -v -2 -p 2222 rs30

On the server side (AIX 4.3), the sshd runs as follows:
aix/sbin/sshd -p 2222 -d

Full output follows at the end of this mail.
The server is compiled with EGD support; on the client side I tested EGD and
ANDIrand (http://www.cosy.sbg.ac.at/~andi/), both with the same result:
key_verify failed for server_host_key

The same happens when I connect from Solaris to Linux servers running OpenSSH
versions 2.3 and above.

During the tests I noticed that I get no errors when I rename the "primes" file
on the server side.
Does anyone have a similar problem or know what is wrong here? If more information
is needed, please let me know.

Thanks in advance,

   Marcus



Client output:
==============
OpenSSH_2.5.2p2, SSH protocols 1.5/2.0, OpenSSL 0x0090601f
debug1: Seeding random number generator
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: getuid 27046 geteuid 27046 anon 1
debug1: Connecting to rs30 [130.83.126.33] port 2222.
debug1: Connection established.
debug1: unknown identity file /home/lysis/.ssh/id_rsa
debug1: identity file /home/lysis/.ssh/id_rsa type -1
debug1: identity file /home/lysis/.ssh/id_dsa type 2
debug1: Remote protocol version 1.99, remote software version OpenSSH_2.5.1p2
debug1: match: OpenSSH_2.5.1p2 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_2.5.2p2
debug1: send KEXINIT
debug1: done
debug1: wait KEXINIT
debug1: got kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug1: got kexinit: ssh-dss
debug1: got kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug1: got kexinit: 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug1: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug1: got kexinit: hmac-sha1,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug1: got kexinit: none,zlib
debug1: got kexinit: none,zlib
debug1: got kexinit: 
debug1: got kexinit: 
debug1: first kex follow: 0 
debug1: reserved: 0 
debug1: done
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: Sending SSH2_MSG_KEX_DH_GEX_REQUEST.
debug1: Wait SSH2_MSG_KEX_DH_GEX_GROUP.
debug1: Got SSH2_MSG_KEX_DH_GEX_GROUP.
debug1: dh_gen_key: priv key bits set: 121/256
debug1: bits set: 1000/2049
debug1: Sending SSH2_MSG_KEX_DH_GEX_INIT.
debug1: Wait SSH2_MSG_KEX_DH_GEX_REPLY.
debug1: Got SSH2_MSG_KEXDH_REPLY.
debug1: Host 'rs30' is known and matches the DSA host key.
debug1: Found key in /home/lysis/.ssh/known_hosts2:22
debug1: bits set: 1016/2049
debug1: len 55 datafellows 0
debug1: ssh_dss_verify: signature incorrect
key_verify failed for server_host_key
debug1: Calling cleanup 0x3d4f0(0x0)


Server output:
==============
debug1: sshd version OpenSSH_2.5.1p2
debug1: load_private_key_autodetect: type 0 RSA1
debug1: read SSH2 private key done: name dsa w/o comment success 1
debug1: load_private_key_autodetect: type 2 DSA
debug1: Seeding random number generator
debug1: Bind to port 2222 on 0.0.0.0.
Server listening on 0.0.0.0 port 2222.
Generating 768 bit RSA key.
debug1: Seeding random number generator
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from 130.83.126.55 port 33706
debug1: Client protocol version 2.0; client software version OpenSSH_2.5.2p2
debug1: match: OpenSSH_2.5.2p2 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_2.5.1p2
debug1: Rhosts Authentication disabled, originating port not trusted.
debug1: list_hostkey_types: ssh-dss
debug1: send KEXINIT
debug1: done
debug1: wait KEXINIT
debug1: got kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug1: got kexinit: ssh-rsa,ssh-dss
debug1: got kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug1: got kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
debug1: got kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug1: got kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug1: got kexinit: none
debug1: got kexinit: none
debug1: got kexinit: 
debug1: got kexinit: 
debug1: first kex follow: 0 
debug1: reserved: 0 
debug1: done
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: Wait SSH2_MSG_KEX_DH_GEX_REQUEST.
debug1: Sending SSH2_MSG_KEX_DH_GEX_GROUP.
debug1: bits set: 1016/2049
debug1: Wait SSH2_MSG_KEX_DH_GEX_INIT.
debug1: bits set: 1000/2049
debug1: sig size 20 20
debug1: send SSH2_MSG_NEWKEYS.
debug1: done: send SSH2_MSG_NEWKEYS.
debug1: Wait SSH2_MSG_NEWKEYS.
Connection closed by 130.83.126.55
debug1: Calling cleanup 0x200077f4(0x0)


-- 
Technische Universitaet Darmstadt  Hochschulrechenzentrum (HRZ)
Technical  University   Darmstadt  University Computing Center
D 64287  Darmstadt  Germany
Petersenstrasse 30


