Quick follow up, I was mistaken, CheckHostIP has nothing to do with it.
ssh wouldn't be useful if it never checked the key of the server it was talking to.
Hugh Brown wrote:
I've been able to reproduce the problem by breaking my ability to write to known_hosts.

Is the key for the webhost in your ~/.ssh/known_hosts and can you write to that file? With batch mode, if the ssh client can't verify the host and CheckHostIP is yes (I believe that's the default), then instead of prompting you to accept the key it will just fail. The assumption is that in batch mode, no one is around to type yes to the key verification query.

Hugh

Philipoff, Andrew wrote:

I can ssh to and from the host without any problem. I can also run sftp without the -b flag without encountering any error messages. I only get the error messages when I try to use batchfiles. I did remove all instances of the webserver from the known_hosts file as part of my troubleshooting earlier, no change.

Andrew Philipoff
Programmer Analyst
Information Technology Services
Department of Medicine
University of California, San Francisco
Phone: 415-476-1344
Help Desk: 415-476-6827

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hugh Brown
Sent: Thursday, October 25, 2007 11:39 AM
To: Red Hat Enterprise Linux 5 (Tikanga) discussion mailing-list
Subject: Re: [rhelv5-list] Host key verification failed error when running sftp -b

Can you ssh to the host? It looks like you've got it trying to verify the ssh key for the webserver and the client doesn't have the key in its known_hosts file or it has an old one that doesn't match what the server is providing.

Hugh

Philipoff, Andrew wrote:

I recently deployed a RHEL 5 webserver and ran into a problem when running "sftp -b batchfile hostname". I get the following error messages:

Host key verification failed.
Couldn't read packet: Connection reset by peer

I have been using this command successfully on RHEL 4 systems and it only occurs when I run it on RHEL 5 systems. It occurs when trying to connect to RHEL 4 and RHEL 5 systems from a RHEL 5 system. Anyone have any thoughts on what is causing this and how to resolve it?

Below is the output of "sftp -vv -b batchfile hostname":

sftp -vv -b batchfile host.example.com
OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to host.example.com [xxx.xxx.xxx.xxx] port 22.
debug1: Connection established.
debug1: identity file /home/webdev/.ssh/id_rsa type -1
debug1: identity file /home/webdev/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.9p1
debug1: match: OpenSSH_3.9p1 pat OpenSSH_3.*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.3
debug2: fd 4 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,[EMAIL PROTECTED],zlib
debug2: kex_parse_kexinit: none,[EMAIL PROTECTED],zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 139/256
debug2: bits set: 517/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug2: no key of type 0 for host.example.com
debug2: no key of type 2 for host.example.com
Host key verification failed.
Couldn't read packet: Connection reset by peer

Andrew Philipoff
Programmer Analyst
Information Technology Services
Department of Medicine
University of California, San Francisco

_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list

--
System Administrator
DIVMS Computer Support Group
University of Iowa
Email: [EMAIL PROTECTED]
Voice: 319-335-0748
-- System Administrator DIVMS Computer Support Group University of Iowa Email: [EMAIL PROTECTED] Voice: 319-335-0748
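The two questions asked in the thread (is the host's key in known_hosts, and can the file be written) can be checked before an unattended `sftp -b` run. The following is an added example, not part of the original messages; the function names and the sample file are constructed for illustration, and wildcard host patterns are not handled.

```python
import base64, hashlib, hmac, os, tempfile

def hashed_field(host, salt):
    """Build a HashKnownHosts-style field: |1|b64(salt)|b64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field, host):
    """True if one known_hosts host field (plain list or hashed) names host."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in field.split(",")  # plain entry; wildcard patterns not handled

def preflight(host, path):
    """List the problems that would stop an unattended `sftp -b` to host."""
    if not os.path.isfile(path):
        return ["%s does not exist" % path]
    problems = []
    if not os.access(path, os.W_OK):
        problems.append("%s is not writable" % path)
    found = False
    with open(path) as fh:
        for line in fh:
            parts = line.split()
            # Skip blanks, comments and @cert-authority/@revoked marker lines.
            if len(parts) < 3 or parts[0].startswith(("#", "@")):
                continue
            found = found or host_matches(parts[0], host)
    if not found:
        problems.append("no host key for %s in %s" % (host, path))
    return problems

def demo():
    """Run the check against a constructed known_hosts (placeholder key blobs)."""
    sample = "\n".join([
        "# constructed sample, not real keys",
        "web1.example.com,192.0.2.10 ssh-rsa AAAAPLACEHOLDER",
        hashed_field("host.example.com", b"constructed-salt") + " ssh-rsa AAAAPLACEHOLDER",
    ]) + "\n"
    with tempfile.NamedTemporaryFile("w", suffix="known_hosts", delete=False) as fh:
        fh.write(sample)
    try:
        return {h: preflight(h, fh.name)
                for h in ("web1.example.com", "host.example.com", "new.example.com")}
    finally:
        os.unlink(fh.name)

if __name__ == "__main__":
    print(demo())
```

An empty list means the host has an entry and the file is writable; anything else should be fixed interactively, after verifying the server's key fingerprint, before the batch job is scheduled.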
