I can ssh to and from the host without any problem. I can also run sftp without the -b flag without encountering any error messages. I only get the error messages when I try to use batchfiles. I did remove all instances of the webserver from the known_hosts file as part of my troubleshooting earlier, no change.
Andrew Philipoff Programmer Analyst Information Technology Services Department of Medicine University of California, San Francisco Phone: 415-476-1344 Help Desk: 415-476-6827 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hugh Brown Sent: Thursday, October 25, 2007 11:39 AM To: Red Hat Enterprise Linux 5 (Tikanga) discussion mailing-list Subject: Re: [rhelv5-list] Host key verification failed error when runningsftp -b Can you ssh to the host? It looks like you've got it trying to verify the ssh key for the webserver and the client doesn't have the key in its known_hosts file or it has an old one that doesn't match what the server is providing. Hugh Philipoff, Andrew wrote: > I recently deployed a RHEL 5 webserver and ran into a problem when > running "sftp -b batchfile hostname". I get the following error > messages: > > Host key verification failed. > > Couldn't read packet: Connection reset by peer > > > > I been using this command successfully on RHEL 4 systems and only > occurs when I run it on RHEL 5 systems. It occurs when trying to > connect to RHEL 4 and RHEL 5 systems from a RHEL 5 system. Anyone have > any thoughts on what is causing this and how to resolve it? Below is > the output of "sftp -vv -b batchfile hostname": > > > > sftp -vv -b batchfile host.example.com > > OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006 > > debug1: Reading configuration data /etc/ssh/ssh_config > > debug1: Applying options for * > > debug2: ssh_connect: needpriv 0 > > debug1: Connecting to host.example.com [xxx.xxx.xxx.xxx] port 22. > > debug1: Connection established. > > debug1: identity file /home/webdev/.ssh/id_rsa type -1 > > debug1: identity file /home/webdev/.ssh/id_dsa type -1 > > debug1: Remote protocol version 2.0, remote software version > OpenSSH_3.9p1 > > debug1: match: OpenSSH_3.9p1 pat OpenSSH_3.* > > debug1: Enabling compatibility mode for protocol 2.0 > > debug1: Local version string SSH-2.0-OpenSSH_4.3 > > debug2: fd 4 setting O_NONBLOCK > > debug1: SSH2_MSG_KEXINIT sent > > debug1: SSH2_MSG_KEXINIT received > > debug2: kex_parse_kexinit: > diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie- > he > llman-group1-sha1 > > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss > > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arc > fo > ur,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192 > -c > tr,aes256-ctr > > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arc > fo > ur,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192 > -c > tr,aes256-ctr > > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1 > -9 > 6,hmac-md5-96 > > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1 > -9 > 6,hmac-md5-96 > > debug2: kex_parse_kexinit: none,[EMAIL PROTECTED],zlib > > debug2: kex_parse_kexinit: none,[EMAIL PROTECTED],zlib > > debug2: kex_parse_kexinit: > > debug2: kex_parse_kexinit: > > debug2: kex_parse_kexinit: first_kex_follows 0 > > debug2: kex_parse_kexinit: reserved 0 > > debug2: kex_parse_kexinit: > diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie- > he > llman-group1-sha1 > > debug2: kex_parse_kexinit: ssh-rsa,ssh-dss > > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256 > -c bc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr > > debug2: kex_parse_kexinit: > aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256 > -c bc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr > > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1 > -9 > 6,hmac-md5-96 > > debug2: kex_parse_kexinit: > hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1 > -9 > 6,hmac-md5-96 > > debug2: kex_parse_kexinit: none,zlib > > debug2: kex_parse_kexinit: none,zlib > > debug2: kex_parse_kexinit: > > debug2: kex_parse_kexinit: > > debug2: kex_parse_kexinit: first_kex_follows 0 > > debug2: kex_parse_kexinit: reserved 0 > > debug2: mac_init: found hmac-md5 > > debug1: kex: server->client aes128-cbc hmac-md5 none > > debug2: mac_init: found hmac-md5 > > debug1: kex: client->server aes128-cbc hmac-md5 none > > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent > > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP > > debug2: dh_gen_key: priv key bits set: 139/256 > > debug2: bits set: 517/1024 > > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent > > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY > > debug2: no key of type 0 for host.example.com > > debug2: no key of type 2 for host.example.com > > Host key verification failed. > > Couldn't read packet: Connection reset by peer > > > > Andrew Philipoff > Programmer Analyst > Information Technology Services > Department of Medicine > University of California, San Francisco > > > > > > > ---------------------------------------------------------------------- > -- > > _______________________________________________ > rhelv5-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/rhelv5-list -- System Administrator DIVMS Computer Support Group University of Iowa Email: [EMAIL PROTECTED] Voice: 319-335-0748 _______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
