On Tuesday 29 November 2011 09:09:14 Guillaume Nodet wrote: > To try and debug this problem, I'd try to set up a sshd server > somewhere and reproduce the problem. Once that's done, raising the > log level to debug / trace and see if there is anything meaningfull. > > Could the "Signature didn't match." mean that the database containing > the server host keys has a wrong entry for the server you're trying to > connect to ? > > On Mon, Nov 28, 2011 at 22:21, Emmanuel Grumbach <egrumb...@gmail.com> wrote: > > Hello, > > > > I am a user of Gerrit which is a java application and has an embedded > > SSH daemon. Its maintainer is Shawn Pearce from Google, and he told me > > that my question should be routed to you, so I guess Gerrit uses > > Apache MINA SSHD. > > > > I want to connect to Gerrit from a corporate server that has SSH2 only > > (no OpenSSH), and couldn't make it work. Here are the logs of the SSH > > client while trying to connect the the SSHD (on port 29418): > > > >> ssh -vvv my_usern...@x.y.com -p 29418 gerrit ls-projects > > debug: Connecting to X.Y.com, port 29418... (SOCKS not used) > > debug: Ssh2Transport/trcommon.c:3823/ssh_tr_create: My version: > > SSH-2.0-ReflectionForSecureIT_6.1.2.1 build 3005 > > debug: client supports 3 auth methods: > > 'publickey,keyboard-interactive,password' > > debug: Ssh2Common/sshcommon.c:497/ssh_common_wrap: local ip = > > ...,local port = 52040 > > debug: Ssh2Common/sshcommon.c:499/ssh_common_wrap: remote ip = > > ....,remote port = 29418 > > debug: SshConnection/sshconn.c:1998/ssh_conn_wrap: Wrapping... > > debug: > > SshReadLine/sshreadline.c:2333/ssh_readline_eloop_initialize:Initializing > > ReadLine... > > debug: Remote version: SSH-2.0-GerritCodeReview_2.2.1 > > (SSHD-CORE-0.5.1-R1095809) > > debug: Ssh2Transport/trcommon.c:1422/ssh_tr_negotiate: lang s to c:`', > > lang c to s: `' > > debug: Ssh2Transport/trcommon.c:1488/ssh_tr_negotiate: c_to_s: cipher > > aes128-cbc, mac hmac-sha1, compression none > > debug: Ssh2Transport/trcommon.c:1491/ssh_tr_negotiate: s_to_c: cipher > > aes128-cbc, mac hmac-sha1, compression none > > debug: Remote host key found from database. > > debug: SshProtoTrKex/trkex.c:564/ssh_kex_keycheck_callback: Signature > > didn't match. > > debug: Ssh2Common/sshcommon.c:98/ssh_common_disconnect: DISCONNECT > > received: Key exchange failed. > > debug: SshReadLine/sshreadline.c:2392/ssh_readline_eloop_uninitialize: > > Uninitializing ReadLine... > > warning: Authentication failed. > > Disconnected; key exchange or algorithm negotiation failed (Key > > exchange failed.). > > debug: Ssh2Common/sshcommon.c:584/ssh_common_destroy: Destroying > > SshCommon object. > > debug: SshConnection/sshconn.c:2050/ssh_conn_destroy: Destroying SshConn > > object. > > > > ls ~/.ssh2 > > authorization hostkeys id_rsa_2048_a id_rsa_2048_a.pub > > identification random_seed ssh2_config > > > >> cat authorization > > Key id_rsa_2048_a.pub > > > >> cat identification > > IdKey id_rsa_2048_a > > > > Google didn't help here. > > > > Any thoughts ? > > > > Thanks ! > > > > PS: please keep me Cced as I am not registered to the mailing list. > > > > Emmanuel Grumbach > > egrumb...@gmail.com > > > I had similar issues with Gerrit. They use client side conf: ~/.ssh/config along with a key pair. The user defined there must match the user defined in the gerrit server.
Reading your logs, I see: debug: Remote host key found from database. debug: SshProtoTrKex/trkex.c:564/ssh_kex_keycheck_callback: Signature didn't match. And this is what you should debug. Either user name was wrong or you didn't paste your pub key into the gerrit server correctly. -- /d "Do not look into laser with remaining eye." --On a laser pointer user-manual
