I hate magic! I've done nothing this morning (well, I did try the -vvv options for ssh and the loglevel options for sshd), but suddenly I can log in properly from the hosts that didn't work ten minutes ago. Seems like some cache that expired, but it's still a mystery.
Thanks to those who offered suggestions! On Thu, Oct 3, 2013 at 1:15 AM, Tilghman Lesher <[email protected]>wrote: > I would suggest adding "-vvv" to your ssh command. The debugging > information will generally show you where the error lies. If that > doesn't get it, you can also change the LogLevel in > /etc/ssh/sshd_config from INFO (default) to DEBUG, restart sshd, and > look at your system logs. > > On Wed, Oct 2, 2013 at 5:05 PM, Curt Lundgren <[email protected]> wrote: > > I regenerated the server SSH keys, which are separate from the root user > SSH > > keys: > > > > ssh_host_dsa_key > > ssh_host_key > > ssh_host_rsa_key > > > > > > > > On Wed, Oct 2, 2013 at 5:02 PM, Chris McQuistion < > [email protected]> > > wrote: > >> > >> Curt, did you run "ssh-keygen -t rsa" to generate the RSA key on this > new > >> server? Did you include a passphrase when it ran? > >> > >> > >> On Wed, Oct 2, 2013 at 4:48 PM, Curt Lundgren <[email protected]> > wrote: > >>> > >>> Thanks, Dave. I can reboot one of the clients in the morning, perhaps > >>> that will clear up the issue. > >>> > >>> Curt > >>> > >>> > >>> On Wed, Oct 2, 2013 at 4:45 PM, Dave Manginelli > >>> <[email protected]> wrote: > >>>> > >>>> I'm at a client's site so I can't test this or be more specific but > this > >>>> sounds to me like the host key of the "old" machine is cached in the > client > >>>> and it does not match the host key of the machine now residing at > that IP. > >>>> You can test this by using the HostKeyAlias parameter when you > connect from > >>>> the client and setting it to any arbitrary name NOT in actual use on > your > >>>> network. It should ask you if you accept the new host key and then > connect > >>>> automatically after that as long as the same HostKeyAlias is > supplied. You > >>>> can fix it by clearing the key for that IP address on the client but > I don't > >>>> remember where it's located and am not able to pursue it right now. > >>>> > >>>> Maybe this will point you in the right direction... > >>>> > >>>> > >>>> > >>>> On Wed, Oct 2, 2013 at 4:22 PM, Curt Lundgren <[email protected]> > >>>> wrote: > >>>>> > >>>>> I've just built a couple of CentOS 6.4 machines, and need to use a > >>>>> no-password RSA key login to root. No flames please about logging > in as > >>>>> root. > >>>>> > >>>>> Had it working on both machines, but when I changed the "main" IP > >>>>> address so the new machine could take over for an ailing one, the > login > >>>>> capability was lost. I can do a password login, but not with the > RSA key. > >>>>> > >>>>> Thought it might be the server SSH keys, as though they're somehow > tied > >>>>> to IP addresses, so I regenerated them. No joy. I've tried logging > in from > >>>>> a couple of different boxes (Linux and Mac), still no joy. > >>>>> > >>>>> The other server got built, got its "main" IP address changed, and is > >>>>> working just fine. I did a diff between sshd_config on both > machines; the > >>>>> files are identical. > >>>>> > >>>>> I'm scratching my head and it's starting to hurt. Any ideas? (I > know, > >>>>> stop scratching.) > >>>>> > >>>>> Curt > >>>>> > >>>>> -- > >>>>> -- > >>>>> You received this message because you are subscribed to the Google > >>>>> Groups "NLUG" group. > >>>>> To post to this group, send email to [email protected] > >>>>> To unsubscribe from this group, send email to > >>>>> [email protected] > >>>>> For more options, visit this group at > >>>>> http://groups.google.com/group/nlug-talk?hl=en > >>>>> > >>>>> --- > >>>>> You received this message because you are subscribed to the Google > >>>>> Groups "NLUG" group. > >>>>> To unsubscribe from this group and stop receiving emails from it, > send > >>>>> an email to [email protected]. > >>>>> For more options, visit https://groups.google.com/groups/opt_out. > >>>> > >>>> > >>>> -- > >>>> -- > >>>> You received this message because you are subscribed to the Google > >>>> Groups "NLUG" group. > >>>> To post to this group, send email to [email protected] > >>>> To unsubscribe from this group, send email to > >>>> [email protected] > >>>> For more options, visit this group at > >>>> http://groups.google.com/group/nlug-talk?hl=en > >>>> > >>>> --- > >>>> You received this message because you are subscribed to the Google > >>>> Groups "NLUG" group. > >>>> To unsubscribe from this group and stop receiving emails from it, send > >>>> an email to [email protected]. > >>>> For more options, visit https://groups.google.com/groups/opt_out. > >>> > >>> > >>> -- > >>> -- > >>> You received this message because you are subscribed to the Google > Groups > >>> "NLUG" group. > >>> To post to this group, send email to [email protected] > >>> To unsubscribe from this group, send email to > >>> [email protected] > >>> For more options, visit this group at > >>> http://groups.google.com/group/nlug-talk?hl=en > >>> > >>> --- > >>> You received this message because you are subscribed to the Google > Groups > >>> "NLUG" group. > >>> To unsubscribe from this group and stop receiving emails from it, send > an > >>> email to [email protected]. > >>> For more options, visit https://groups.google.com/groups/opt_out. > >> > >> > >> -- > >> -- > >> You received this message because you are subscribed to the Google > Groups > >> "NLUG" group. > >> To post to this group, send email to [email protected] > >> To unsubscribe from this group, send email to > >> [email protected] > >> For more options, visit this group at > >> http://groups.google.com/group/nlug-talk?hl=en > >> > >> --- > >> You received this message because you are subscribed to the Google > Groups > >> "NLUG" group. > >> To unsubscribe from this group and stop receiving emails from it, send > an > >> email to [email protected]. > >> For more options, visit https://groups.google.com/groups/opt_out. > > > > > > -- > > -- > > You received this message because you are subscribed to the Google Groups > > "NLUG" group. > > To post to this group, send email to [email protected] > > To unsubscribe from this group, send email to > > [email protected] > > For more options, visit this group at > > http://groups.google.com/group/nlug-talk?hl=en > > > > --- > > You received this message because you are subscribed to the Google Groups > > "NLUG" group. > > To unsubscribe from this group and stop receiving emails from it, send an > > email to [email protected]. > > For more options, visit https://groups.google.com/groups/opt_out. > > -- > -- > You received this message because you are subscribed to the Google Groups > "NLUG" group. > To post to this group, send email to [email protected] > To unsubscribe from this group, send email to > [email protected] > For more options, visit this group at > http://groups.google.com/group/nlug-talk?hl=en > > --- > You received this message because you are subscribed to the Google Groups > "NLUG" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > -- -- You received this message because you are subscribed to the Google Groups "NLUG" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en --- You received this message because you are subscribed to the Google Groups "NLUG" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
