#1
ssh, keys, and failing host-key verification

hoi,

first i need to say the situation that i'd like to debug is just an ad-hoc test solution. nothing critical... but i ran into an unexpected problem i'd like to understand. and probably i'm overlooking something simple/basic.

i wanted to test the nat-setup at my current location and see if port-forwarding was working properly. so from machine A on the local network, i logged into a remote server using ssh, assuming that if port-forwarding on the local nat/router was working properly, i could from there login on machineB on the local network again.

the portforwarding is not at all a problem. network traffic shows there is a successful connection between machineB and the remote server. but the problem is that on the server ssh always fails with the 'Host key verification failed' error.

usually all three machines have keys shared between them, and so i removed those, with no effect. erased known-hosts, authorized_keys etc.. no effect. regenerated/re-distributed the keypairs, no effect..

the next step would be to generate new host-keys. but since that has a bit more impact (more/other people) i was wondering if it's really needed. and above all, what is causing this failing verification?

thanks,
arri
#2
I don't think you need to generate new host keys at this point. This is how I'd start debugging the problem:

Select 2 machines, we'll call them 'server' and 'client'.

On the client, generate a pair of keys without a passphrase:

    ssh-keygen -t rsa

Copy id_rsa.pub onto the server and save it as ~/.ssh/authorized_keys

Now on the server start a second instance of sshd on a different port with debugging enabled:

    sudo /usr/sbin/sshd -d -d -d -p 2022

Then from the client, issue a connection to this port with debugging enabled:

    ssh -v -v -v server -p 2022

The debug output should help point you in the right direction.
#3
Also check the ~/.ssh/known_hosts file to see if the hosts are listed in there. If they are, remove those lines; ssh will ask you the next time you connect to add them.

__________________
UNIX is simple and coherent, but it takes a true genius (or a programmer at any rate) to understand and appreciate its simplicity -- Dennis Ritchie
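
Added example, not part of the original thread: a Python sketch of the known_hosts check suggested in the post above, which also covers two cases a plain text search misses: a non-default port such as the 2022 test sshd is recorded as `[server]:2022`, and hashed entries (HashKnownHosts) hide the name behind an HMAC-SHA1. The function names, the sample file and its key blobs are constructed for illustration; wildcard host patterns are not handled.

```python
import base64, hashlib, hmac

def host_token(host, port=22):
    """Name as OpenSSH records it: bare for port 22, "[host]:port" otherwise."""
    return host if port == 22 else f"[{host}]:{port}"

def hash_name(token, salt):
    """Hashed form: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=name))."""
    mac = hmac.new(salt, token.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def name_matches(field, token):
    if field.startswith("|1|"):            # hashed entry: recompute with its salt
        try:
            salt = base64.b64decode(field.split("|")[2])
        except (IndexError, ValueError):
            return False
        return hash_name(token, salt) == field
    return token in field.split(",")       # plain entry: comma-separated names

def find_entries(known_hosts_text, host, port=22):
    """Return (line_no, key_type, SHA256 fingerprint) for each line naming host:port."""
    token, hits = host_token(host, port), []
    for n, line in enumerate(known_hosts_text.splitlines(), 1):
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].startswith("@"):       # @cert-authority / @revoked marker
            parts = parts[1:]
        if len(parts) < 3 or not name_matches(parts[0], token):
            continue
        try:
            blob = base64.b64decode(parts[2])
        except ValueError:                 # malformed key field, skip the line
            continue
        fp = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
        hits.append((n, parts[1], "SHA256:" + fp))
    return hits

# Constructed sample: the key blobs are placeholder bytes, not real host keys.
BLOB_A = base64.b64encode(b"constructed-blob-A").decode()
BLOB_B = base64.b64encode(b"constructed-blob-B").decode()
SAMPLE = "\n".join([
    "# constructed known_hosts",
    f"server,192.0.2.10 ssh-ed25519 {BLOB_A}",
    f"[server]:2022 ssh-rsa {BLOB_B}",
    f"{hash_name('[server]:2022', b'constructed-salt-001')} ssh-ed25519 {BLOB_A}",
])

if __name__ == "__main__":
    print(find_entries(SAMPLE, "server", 2022))
```

On a real system `ssh-keygen -F` and `ssh-keygen -R` do the lookup and removal; the fingerprints returned here have the same `SHA256:` form that `ssh-keygen -lf` prints, so they can be compared against the server's host key.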
#4
thank you for your responses,

i had already deleted the known_hosts-file altogether.. (as you can read..)

and i just realised macbri's proposed method is actually a very clever way for debugging many situations and programs in general. very nice! stupid i hadn't thought of it.. thanks. i'll give it a go soon when i have some time.

gr a