Manual Page for ssh_config

Roumen Petrov openssh at roumenpetrov.info
Mon May 12 17:28:43 EST 2003


Use "ssh-keyscan -t rsa,dsa localhost" to check the server host keys.
A server should always have a DSA key (many clients support only the "ssh-dss"
host key); an RSA host key is recommended, and all other host keys are optional.

I don't think that this is a problem.
I think that your Linux server has RSA and DSA keys and FreeBSD has only a
DSA host key.
That is all.


Dirk GOUDERS wrote:

> > Sorry, but I cannot understand where the problem is and I cannot test with
> > a too old server version (insufficient time).
>
>Thanks for your reply and sorry for the prior use of an out of date
>version.
>
>I did some more testing and on a GNU/Linux system, I installed a newer
>OpenSSH version (the same as on my FreeBSD system) and noticed that
>the two systems behave differently with identical configuration files.
>
>On both machines, I have no key for localhost in the file
>~/.ssh/known_hosts.
>On the GNU/Linux system, if I try to connect to localhost, the RSA key
>fingerprint is printed and I get asked if I am sure that I want to
>connect, but on the FreeBSD machine the DSA key fingerprint is
>printed before the question.
>
>Well, with identical OpenSSH versions and configuration files
>(sshd_config as well as ssh_config), I am wondering what it is that
>could cause the two systems to behave differently...
>
>I attach the console outputs from both machines:
>
>GNU/LINUX:
>------------------------------------------------------------------------
>OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
>debug1: Reading configuration data /usr/etc/ssh_config
>debug1: Applying options for *
>debug1: Rhosts Authentication disabled, originating port will not be trusted.
>debug1: ssh_connect: needpriv 0
>debug1: Connecting to localhost [127.0.0.1] port 22.
>debug1: Connection established.
>debug1: identity file ~/.ssh/identity type -1
>debug1: identity file ~/.ssh/id_rsa type -1
>debug1: identity file ~/.ssh/id_dsa type -1
>debug1: Remote protocol version 2.0, remote software version OpenSSH_3.5p1
>debug1: match: OpenSSH_3.5p1 pat OpenSSH*
>debug1: Enabling compatibility mode for protocol 2.0
>debug1: Local version string SSH-2.0-OpenSSH_3.5p1
>debug1: SSH2_MSG_KEXINIT sent
>debug1: SSH2_MSG_KEXINIT received
>debug1: kex: server->client aes128-cbc hmac-md5 none
>debug1: kex: client->server aes128-cbc hmac-md5 none
>debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
>debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
>debug1: dh_gen_key: priv key bits set: 140/256
>debug1: bits set: 1043/2049
>debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
>debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
>The authenticity of host 'localhost (127.0.0.1)' can't be established.
>RSA key fingerprint is d9:eb:e9:c6:10:cb:59:93:87:c8:f0:42:d4:b9:9b:77.
>Are you sure you want to continue connecting (yes/no)? no
>Host key verification failed.
>debug1: Calling cleanup 0x8065650(0x0)
>------------------------------------------------------------------------
>FreeBSD:
>------------------------------------------------------------------------
>OpenSSH_3.5p1 FreeBSD-20030201, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
>debug1: Reading configuration data /etc/ssh/ssh_config
>debug1: Applying options for *
>debug1: Rhosts Authentication disabled, originating port will not be trusted.
>debug1: ssh_connect: needpriv 0
>debug1: Connecting to localhost [127.0.0.1] port 22.
>debug1: Connection established.
>debug1: identity file ~/.ssh/identity type -1
>debug1: identity file ~/.ssh/id_rsa type -1
>debug1: identity file ~/.ssh/id_dsa type -1
>debug1: Remote protocol version 2.0, remote software version OpenSSH_3.5p1 FreeBSD-20030201
>debug1: match: OpenSSH_3.5p1 FreeBSD-20030201 pat OpenSSH*
>debug1: Enabling compatibility mode for protocol 2.0
>debug1: Local version string SSH-2.0-OpenSSH_3.5p1 FreeBSD-20030201
>debug1: SSH2_MSG_KEXINIT sent
>debug1: SSH2_MSG_KEXINIT received
>debug1: kex: server->client aes128-cbc hmac-md5 none
>debug1: kex: client->server aes128-cbc hmac-md5 none
>debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
>debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
>debug1: dh_gen_key: priv key bits set: 121/256
>debug1: bits set: 1570/3191
>debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
>debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
>The authenticity of host 'localhost (127.0.0.1)' can't be established.
>DSA key fingerprint is 4f:a4:6a:63:0b:f0:7f:de:0b:02:9e:5a:2a:81:b0:c8.
>Are you sure you want to continue connecting (yes/no)? no
>Host key verification failed.
>debug1: Calling cleanup 0x804c158(0x0)
>------------------------------------------------------------------------


-- 
Get X.509 certificate support in OpenSSH:
http://roumenpetrov.info/openssh
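
Added example, not part of either message above: a Python sketch that reads ssh-keyscan style output ("host keytype base64-blob"), lists which host key types each server offers, and computes the colon-separated MD5 fingerprint in the form the ssh prompt prints in the logs above. The host names linuxbox and bsdbox and the key blobs are constructed placeholders, not real keys.

```python
import base64
import hashlib
import struct

def make_blob(key_type, body):
    """Constructed (not real) key blob: SSH string holding the type, then filler."""
    raw = struct.pack(">I", len(key_type)) + key_type.encode() + body
    return base64.b64encode(raw).decode()

# Constructed sample in ssh-keyscan output format; host names are hypothetical.
SAMPLE_KEYSCAN = "\n".join([
    "# linuxbox SSH-2.0-OpenSSH_3.5p1",
    "linuxbox ssh-rsa " + make_blob("ssh-rsa", b"constructed-rsa-bytes"),
    "linuxbox ssh-dss " + make_blob("ssh-dss", b"constructed-dsa-bytes"),
    "bsdbox ssh-dss " + make_blob("ssh-dss", b"other-constructed-dsa"),
])

def md5_fingerprint(blob):
    """MD5 of the raw public key blob, as colon-separated hex pairs."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def blob_key_type(blob):
    """Read the length-prefixed key type string at the start of the blob."""
    if len(blob) < 4:
        raise ValueError("blob too short")
    (length,) = struct.unpack(">I", blob[:4])
    if length > len(blob) - 4:
        raise ValueError("key type length exceeds blob size")
    return blob[4:4 + length].decode("ascii")

def host_keys(keyscan_text):
    """Return {host: {key_type: fingerprint}} from ssh-keyscan style text."""
    result = {}
    for line in keyscan_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue  # skip banner comments and malformed lines
        host, key_type, b64 = fields[:3]
        blob = base64.b64decode(b64, validate=True)
        if blob_key_type(blob) != key_type:
            raise ValueError("key type column does not match blob for " + host)
        result.setdefault(host, {})[key_type] = md5_fingerprint(blob)
    return result

if __name__ == "__main__":
    for host, keys in host_keys(SAMPLE_KEYSCAN).items():
        for key_type, fp in sorted(keys.items()):
            print(host, key_type, fp)
```

Run against real ssh-keyscan output collected over a trusted path, the fingerprints can be compared with the one shown in the "authenticity of host" prompt before answering yes.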




