Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: SSH2 - signature didn't match with host key
Operating Systems HP-UX SSH2 - signature didn't match with host key Post 302842703 by Stars on Friday 9th of August 2013 05:19:46 PM
Old 08-09-2013
Question SSH2 - signature didn't match with host key
I am trying to complete ssh2 connection between HP-UX and CoreFTP. The host key authentication fails with signature didn't match. See below output. I can connect to this CoreFTP from my Windows desktop, and connect to a multitude of other servers from the HP-UX system as well, but have encountered this error on this particular connection.
Code:
debug: Remote version: SSH-2.0-CoreFTP-0.3.2
debug: Ssh2Transport/trcommon.c:1397: lang s to c: `', lang c to s: `'
debug: Ssh2Transport/trcommon.c:1462: c_to_s: cipher aes128-cbc, mac hmac-sha1, 
compression none
debug: Ssh2Transport/trcommon.c:1465: s_to_c: cipher aes128-cbc, mac hmac-sha1, 
compression none
debug: SshKeyFile/sshkeyfile.c:362: file /xxxx/xxxx/.ssh2/hostkeys/key_22_70
.109.223.36.pub does not exist.
debug: SshKeyFile/sshkeyfile.c:362: file /etc/ssh2/hostkeys/key_22_11.222.333.44
.pub does not exist.
Host key not found from database.
Key fingerprint:
xonjjj-beaas-cccel-vrrab-cyhyr-fdlab-tbtez-pjkiz-fsryn-licwl-hjxax
You can get a public key's fingerprint by running
% ssh-keygen -F publickey.pub
on the keyfile.
Are you sure you want to continue connecting (yes/no)? yes
Host key saved to /xxxx/xxxx/.ssh2/hostkeys/key_22_11.222.333.44.pub
host key for 11.222.333.44, accepted by xxxx Mon Jul 29 2013 14:05:53 -0500
debug: SshProtoTrKex/trkex.c:569: Signature didn't match.
debug: Ssh2Common/sshcommon.c:169: DISCONNECT received: Key exchange failed.
debug: SshReadLine/sshreadline.c:2245: Uninitializing ReadLine...
debug: Ssh2/ssh2.c:685: Returning user input stream to original values.
warning: Authentication failed.
Disconnected; key exchange or algorithm negotiation failed (Key exchange failed.
).
Sftp2/sftp2.c:3965: buffer: 'AUTHENTICATED NO

Has anyone encountered this and have a resolution. Thx.
Last edited by Scott; 08-10-2013 at 02:29 AM.. Reason: Code tags
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

RSA host key addition

Guys How do i add RSA key for a host ? I was able to connect to a host some time back but now its not connectable ,via SSH. Message i get is : abhi@myHost:~/.ssh> ssh eatcid@yourHost @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION... (3 Replies)
Discussion started by: ak835
3 Replies

2. Shell Programming and Scripting

Host Key verification failed

Hi, I am running a script to scp a file from one server to another. I have created the public/private key and copied the public key to the other server and appended it to authorized_key file. But i am getting the error message saying "Host Key verification failed" Connection lost. It works well... (3 Replies)
Discussion started by: ahamed
3 Replies

3. UNIX for Dummies Questions & Answers

host key issue via java

Hi, I am encountering below mentioned exception when I execute my Java program that is supposed to SFTP the file from one server over to another. Can you please tell me some pointers to resolve this issue? Exception HostName- 10.1.1.1 ; userName- bmsftp log4j:WARN No appenders could be... (0 Replies)
Discussion started by: prashant.ladha
0 Replies

4. UNIX for Dummies Questions & Answers

Host key verification failed in openssh

Experts, We are trying to make a key-based authentication from Server A to Server B. Server A is installed with openshh. Server B runs "Sun_SSH_1.1". Server A's rsa2 public key has been added into the server B's authorized_keys. We are sure that permission settings of the files and folders in... (1 Reply)
Discussion started by: rprajendran
1 Replies

5. Cybersecurity

Request for SSH2 public key

Hey all, I have a request from a third party that will be setting my firm up for an account so we can sftp files to their server in a Production environment. I know where the public keys are located on our Red Hat Linux envronment. I was going to ftp the keys from the Linux environment over to my... (2 Replies)
Discussion started by: dfb500
2 Replies

6. Shell Programming and Scripting

Script to check if host key authentication is setup

Hey all, I have a script that I use for some automated installs. Unfortunately for the script to work the server that it's running from needs to have host-key authentication setup to the target server. If it isn't setup beforehand and the script is executed the install partially completes and... (1 Reply)
Discussion started by: Rike255
1 Replies

7. Solaris

Ssh between servers - No DSA host key is known

It seems I can do ssh <IP> but not ssh <hostname> If I try to ssh to hostname I get the error - No DSA host key is known for host1 and you have requested strict checking. Host key verification failed. Where do I set up the DSA keys? Is it ssh_known_hosts? Assume afterwards I can... (3 Replies)
Discussion started by: psychocandy
3 Replies

8. UNIX for Advanced & Expert Users

Ssh2 key has been overwritten, need a way to restore

I had generated a ssh2 key on my AIX box, to receive files from other AIX and Linux systems. Key Name: id_ssh2_server.pub However this ssh2 key (both public and private keys) has been overwritten, while I was generating another ssh2 key. Now the earlier configured target systems are not able... (3 Replies)
Discussion started by: freakygs
3 Replies

9. UNIX for Beginners Questions & Answers

Host key verification failed error

HI i am getting host key verification failed error. # cat id_rsa.pub | ssh root@10.110.51.245 'cat >> .ssh/authorized_keys;exit;' cat: id_rsa.pub: No such file or directory @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! ... (3 Replies)
Discussion started by: scriptor
3 Replies

10. Solaris

Change from weak ssh host key to strong one

Hi, I got instructions from Security audit team for Solaris-10 server. They mentioned - "The sshd configuration on the host supported weak host keys and allowed password authentication on Solaris server. Enable stronger keys (2048 or 4096 bit)". I am not clear enough, what they mean by weak... (7 Replies)
Discussion started by: solaris_1977
7 Replies

LEARN ABOUT PLAN9

ssh-keysign

ssh-keysign(1M)                                                                                                                    ssh-keysign(1M)

NAME

       ssh-keysign - ssh helper program for host-based authentication

SYNOPSIS

       ssh-keysign

       ssh-keysign  is  used  by ssh(1) to access the local host keys and generate the digital signature required during host-based authentication
       with SSH protocol version 2. This signature is of data that includes, among other items, the name of the client host and the  name  of  the
       client user.

       ssh-keysign  is  disabled  by  default and can be enabled only in the global client configuration file /etc/ssh/ssh_config by setting Host-
       basedAuthentication to yes.

       ssh-keysign is not intended to be invoked by the user, but from ssh. See ssh(1) and sshd(1M) for more information about host-based  authen-
       tication.

       /etc/ssh/ssh_config

           Controls whether ssh-keysign is enabled.

       /etc/ssh/ssh_host_dsa_key
       /etc/ssh/ssh_host_rsa_key

           These  files  contain the private parts of the host keys used to generate the digital signature. They should be owned by root, readable
           only by root, and not accessible to others. Because they are readable only by root, ssh-keysign must  be  set-uid  root  if  host-based
           authentication is used.

       ssh-keysign will not sign host-based authentication data under the following conditions:

         o  If the HostbasedAuthentication client configuration parameter is not set to yes in /etc/ssh/ssh_config. This setting cannot be overri-
            den in users' ~/.ssh/ssh_config files.

         o  If the client hostname and username in /etc/ssh/ssh_config do not match the canonical hostname of  the  client  where  ssh-keysign  is
            invoked and the name of the user invoking ssh-keysign.

       In  spite of ssh-keysign's restrictions on the contents of the host-based authentication data, there remains the ability of users to use it
       as an avenue for obtaining the client's private host keys. For this reason host-based authentication is turned off by default.

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE         |      ATTRIBUTE VALUE        |
       +-----------------------------+-----------------------------+
       |Availability                 |SUNWsshu                     |
       +-----------------------------+-----------------------------+
       |Interface Stability          |Evolving                     |
       +-----------------------------+-----------------------------+

       ssh(1), sshd(1M), ssh_config(4), attributes(5)

AUTHORS

       Markus Friedl, markus@openbsd.org

HISTORY

       ssh-keysign first appeared in Ox 3.2.

                                                                    9 Jun 2004                                                     ssh-keysign(1M)
All times are GMT -4. The time now is 05:04 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy