Subject: Re: what happened to openssh?
To: None <netbsd-help@netbsd.org>
From: dan radom <dan@radom.org>
List: netbsd-help
Date: 02/18/2002 21:28:58
* Randy Arabie (rrarabie@arabie.org) wrote:
> On Mon, 18 Feb 2002, Randy Arabie wrote:
> 
> > On Mon, 18 Feb 2002, dan radom wrote:
> > 
> > I'm no ssh expert, and I'm sure I'll be corrected if I'm wrong...
> > but here is my shot at this:
> > 
> > > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> > > debug1: Host 'pluto' is known and matches the RSA host key.
> > > debug1: Found key in /home/graffix/.ssh/known_hosts:7
> > > debug1: bits set: 1620/3191
> > 
> > That [above] says your sshd has a record of a connection from 'pluto'; there is 
> > an older public key from pluto in /home/graffix/.ssh/known_hosts
> > 
> > > ssh_rsa_verify: RSA_verify failed: error:04077068:rsa routines:RSA_verify:bad signature
> > > debug1: ssh_rsa_verify: signature incorrect
> > > key_verify failed for server_host_key
> > 
> > However, for whatever reason, the authentication didn't work.  The 'signature' 
> > passed during handshake didn't "unlock" the public key?
> > 
> > Perhaps 'pluto' is using a new set of keys now.  If you 'trust' pluto, 
> > you could just delete the record in known_hosts.  When you reconnect 
> > the client will tell you that 'pluto' is unknown, do you want to trust pluto.
> 
> I should add, that if there is _ANY_ chance that you are not talking to 
> 'pluto' in that handshake, then don't delete the record in known_hosts.
> You could be the victim of a "man in the middle" attack.
> 

I don't think there's any possibility of this having happened.  There is no connection to this sshd box available from the internet, and all access is through sshv2 hostkey authentication only.

> -- 
> Cheers!
> 
> Randy
> 
> ================================================================
> Randy Arabie
> GnuPG Key Info -- 
> 
>  Fingerprint: 7E25 DFA2 EF72 9551 9C6C  8AA6 6E8C A0F5 7E33 D981
>  Key ID: 7C603AEF
>  http://www.arabie.org/keys/rrarabie.gnupg
> ================================================================
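
The caution quoted above (only delete the known_hosts record if you are sure you are talking to 'pluto') comes down to comparing the key the server offers against a fingerprint obtained out of band before touching the file. The following is an added example, not code from the thread or from OpenSSH: the function names, the sample keys and the 7-line known_hosts text are constructed, and it assumes the SHA256 fingerprint format that current `ssh-keygen -l` prints and a trusted fingerprint read from pluto's console.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """Length-prefixed string used inside SSH public key blobs (RFC 4251)."""
    return struct.pack(">I", len(data)) + data


def make_rsa_blob(n: int, e: int = 65537) -> str:
    """Encode (e, n) as the base64 'ssh-rsa' blob stored in known_hosts."""
    def mpint(v: int) -> bytes:
        return ssh_string(v.to_bytes(v.bit_length() // 8 + 1, "big"))
    return base64.b64encode(ssh_string(b"ssh-rsa") + mpint(e) + mpint(n)).decode()


def fingerprint(key_b64: str) -> str:
    """SHA256 fingerprint in the form current ssh-keygen -l prints."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def host_entries(known_hosts: str, host: str):
    """Yield (line_no, key_type, key_b64) for unhashed entries naming host."""
    for line_no, line in enumerate(known_hosts.splitlines(), start=1):
        fields = line.split()
        # Skip comments, @cert-authority/@revoked markers and hashed (|1|...) hosts.
        if len(fields) < 3 or line.startswith(("#", "@", "|")):
            continue
        if host in fields[0].split(","):
            yield line_no, fields[1], fields[2]


def check_replacement(known_hosts: str, host: str, offered_b64: str, trusted_fp: str):
    """Return (offered key matches trusted fingerprint, stale line numbers)."""
    stale = [n for n, _, key in host_entries(known_hosts, host) if key != offered_b64]
    matches = hmac.compare_digest(fingerprint(offered_b64), trusted_fp)
    return matches, stale


# Constructed sample data: these integers are not real RSA moduli.
OLD_KEY = make_rsa_blob(int.from_bytes(hashlib.sha256(b"old").digest() * 8, "big"))
NEW_KEY = make_rsa_blob(int.from_bytes(hashlib.sha256(b"new").digest() * 8, "big"))
KNOWN_HOSTS = "# constructed filler line\n" * 6 + f"pluto,192.0.2.7 ssh-rsa {OLD_KEY}\n"

if __name__ == "__main__":
    ok, stale = check_replacement(KNOWN_HOSTS, "pluto", NEW_KEY, fingerprint(NEW_KEY))
    print("fingerprint verified:", ok, "- stale known_hosts lines:", stale)
```

Only when the first value is true is it reasonable to drop the stale lines, for instance with `ssh-keygen -R pluto`; a false result means the offered key is not the one the host's administrator vouches for.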