Thanks, the ~/.ssh/known_hosts permissions on my RHEL 5 systems are the same as those on my RHEL 4 systems.
Andrew Philipoff
Programmer Analyst
Information Technology Services
Department of Medicine
University of California, San Francisco
Phone: 415-476-1344
Help Desk: 415-476-6827

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hugh Brown
Sent: Thursday, October 25, 2007 12:41 PM
To: [email protected]
Subject: Re: [rhelv5-list] Host key verification failed error when runningsftp-b

Quick follow up, I was mistaken, CheckHostIP has nothing to do with it. ssh wouldn't be useful if it never checked the key of the server it was talking to.

Hugh Brown wrote:
> I've been able to reproduce the problem by breaking my ability to
> write to known_hosts.
>
> Is the key for the webhost in your ~/.ssh/known_hosts and can you
> write to that file? With batch mode, if the ssh client can't verify
> the host and CheckHostIP is yes (I believe that's the default), then
> instead of prompting you to accept the key it will just fail. The
> assumption is that in batch mode, no one is around to type yes to the
> key verification query.
>
> Hugh
>
> Philipoff, Andrew wrote:
>> I can ssh to and from the host without any problem. I can also run
>> sftp without the -b flag without encountering any error messages. I
>> only get the error messages when I try to use batchfiles. I did
>> remove all instances of the webserver from the known_hosts file as
>> part of my troubleshooting earlier, no change.
>>
>> Andrew Philipoff
>> Programmer Analyst
>> Information Technology Services
>> Department of Medicine
>> University of California, San Francisco
>> Phone: 415-476-1344
>> Help Desk: 415-476-6827
>>
>> -----Original Message-----
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED] On Behalf Of Hugh Brown
>> Sent: Thursday, October 25, 2007 11:39 AM
>> To: Red Hat Enterprise Linux 5 (Tikanga) discussion mailing-list
>> Subject: Re: [rhelv5-list] Host key verification failed error when
>> runningsftp -b
>>
>> Can you ssh to the host?
>>
>> It looks like you've got it trying to verify the ssh key for the
>> webserver and the client doesn't have the key in its known_hosts file
>> or it has an old one that doesn't match what the server is providing.
>>
>> Hugh
>>
>> Philipoff, Andrew wrote:
>>> I recently deployed a RHEL 5 webserver and ran into a problem when
>>> running "sftp -b batchfile hostname". I get the following error
>>> messages:
>>>
>>> Host key verification failed.
>>> Couldn't read packet: Connection reset by peer
>>>
>>> I have been using this command successfully on RHEL 4 systems and it
>>> only occurs when I run it on RHEL 5 systems. It occurs when trying to
>>> connect to RHEL 4 and RHEL 5 systems from a RHEL 5 system. Anyone
>>> have any thoughts on what is causing this and how to resolve it?
>>> Below is the output of "sftp -vv -b batchfile hostname":
>>>
>>> sftp -vv -b batchfile host.example.com
>>> OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006
>>> debug1: Reading configuration data /etc/ssh/ssh_config
>>> debug1: Applying options for *
>>> debug2: ssh_connect: needpriv 0
>>> debug1: Connecting to host.example.com [xxx.xxx.xxx.xxx] port 22.
>>> debug1: Connection established.
>>> debug1: identity file /home/webdev/.ssh/id_rsa type -1
>>> debug1: identity file /home/webdev/.ssh/id_dsa type -1
>>> debug1: Remote protocol version 2.0, remote software version OpenSSH_3.9p1
>>> debug1: match: OpenSSH_3.9p1 pat OpenSSH_3.*
>>> debug1: Enabling compatibility mode for protocol 2.0
>>> debug1: Local version string SSH-2.0-OpenSSH_4.3
>>> debug2: fd 4 setting O_NONBLOCK
>>> debug1: SSH2_MSG_KEXINIT sent
>>> debug1: SSH2_MSG_KEXINIT received
>>> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
>>> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>>> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
>>> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
>>> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
>>> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
>>> debug2: kex_parse_kexinit: none,[EMAIL PROTECTED],zlib
>>> debug2: kex_parse_kexinit: none,[EMAIL PROTECTED],zlib
>>> debug2: kex_parse_kexinit:
>>> debug2: kex_parse_kexinit:
>>> debug2: kex_parse_kexinit: first_kex_follows 0
>>> debug2: kex_parse_kexinit: reserved 0
>>> debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
>>> debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
>>> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
>>> debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,[EMAIL PROTECTED],aes128-ctr,aes192-ctr,aes256-ctr
>>> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
>>> debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,[EMAIL PROTECTED],hmac-sha1-96,hmac-md5-96
>>> debug2: kex_parse_kexinit: none,zlib
>>> debug2: kex_parse_kexinit: none,zlib
>>> debug2: kex_parse_kexinit:
>>> debug2: kex_parse_kexinit:
>>> debug2: kex_parse_kexinit: first_kex_follows 0
>>> debug2: kex_parse_kexinit: reserved 0
>>> debug2: mac_init: found hmac-md5
>>> debug1: kex: server->client aes128-cbc hmac-md5 none
>>> debug2: mac_init: found hmac-md5
>>> debug1: kex: client->server aes128-cbc hmac-md5 none
>>> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
>>> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
>>> debug2: dh_gen_key: priv key bits set: 139/256
>>> debug2: bits set: 517/1024
>>> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
>>> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
>>> debug2: no key of type 0 for host.example.com
>>> debug2: no key of type 2 for host.example.com
>>> Host key verification failed.
>>> Couldn't read packet: Connection reset by peer
>>>
>>> Andrew Philipoff
>>> Programmer Analyst
>>> Information Technology Services
>>> Department of Medicine
>>> University of California, San Francisco
>>>
>>> ----------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> rhelv5-list mailing list
>>> [email protected]
>>> https://www.redhat.com/mailman/listinfo/rhelv5-list
>>
>> --
>> System Administrator
>> DIVMS Computer Support Group
>>
>> University of Iowa
>> Email: [EMAIL PROTECTED]
>> Voice: 319-335-0748
>>
>> _______________________________________________
>> rhelv5-list mailing list
>> [email protected]
>> https://www.redhat.com/mailman/listinfo/rhelv5-list
>

--
System Administrator
DIVMS Computer Support Group
University of Iowa
Email: [EMAIL PROTECTED]
Voice: 319-335-0748

_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
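
Added example, not part of the original thread: a pre-flight check that reports whether a host already has a key in known_hosts before an unattended `sftp -b` run, since batch mode fails instead of prompting. The function names `has_host_key` and `preflight` and the sample entries are constructed for illustration, and only plain (unhashed) known_hosts entries are assumed.

```shell
#!/bin/sh
# Added example (not from the thread). sftp -b runs ssh in batch mode, which
# cannot prompt, so a host with no pinned key fails with
# "Host key verification failed." This checks for that before the transfer.
# Assumption: plain known_hosts entries; hashed (|1|...) entries, wildcards
# and [host]:port forms are not matched here.

# has_host_key FILE HOST: 0 if FILE has a plain key line naming HOST,
# 1 if it does not, 2 if FILE cannot be read.
has_host_key() {
    [ -r "$1" ] || return 2
    awk -v host="$2" '
        NF == 0 || $1 ~ /^#/ { next }   # blank lines and comments
        $1 ~ /^@/            { next }   # @revoked and @cert-authority lines are not pinned keys
        {
            n = split($1, h, ",")       # first field is a comma-separated host list
            for (i = 1; i <= n; i++) if (h[i] == host) found = 1
        }
        END { exit !found }' "$1"
}

# preflight FILE HOST: print a diagnosis; return 0 only when batch mode
# would find a key to verify HOST against.
preflight() {
    if [ ! -e "$1" ]; then echo "missing: $1"; return 3; fi
    if [ ! -r "$1" ]; then echo "unreadable: $1"; return 2; fi
    if has_host_key "$1" "$2"; then echo "ok: key pinned for $2"; return 0; fi
    echo "no key for $2: verify its fingerprint out of band, then add it"
    return 1
}

# Constructed sample file: the key material is a placeholder, not a real key.
demo=$(mktemp)
cat > "$demo" <<'EOF'
# constructed known_hosts
host.example.com,192.0.2.10 ssh-rsa AAAAB3CONSTRUCTED
@revoked old.example.com ssh-rsa AAAAB3CONSTRUCTED
EOF
preflight "$demo" host.example.com || true
preflight "$demo" new.example.com || true
rm -f "$demo"
```

A non-zero result from `preflight` is the condition under which the batch transfer would stop at host key verification, so a wrapper can report it before starting the job.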
