* Randy Arabie (rrarabie@arabie.org) wrote:
> On Mon, 18 Feb 2002, dan radom wrote:
> 
> I'm no ssh expert, and I'm sure I'll be corrected if I'm wrong...
> but here is my shot at this:
> 
> > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> > debug1: Host 'pluto' is known and matches the RSA host key.
> > debug1: Found key in /home/graffix/.ssh/known_hosts:7
> > debug1: bits set: 1620/3191
> 
> That [above] says your sshd has a record of a connection from 'pluto'; there is 
> an older public key from pluto in /home/graffix/.ssh/known_hosts

pluto is the sshd machine, and i have recreated all srever ssh hostkeys.  in fact i deleted them and let the sshd init script create them as well as generating them by hand using ssh-keygen.

> 
> > ssh_rsa_verify: RSA_verify failed: error:04077068:rsa routines:RSA_verify:bad signature
> > debug1: ssh_rsa_verify: signature incorrect
> > key_verify failed for server_host_key
> 
> However, for whatever reason, the authentication didn't work.  The 'signature' 
> passed during handshake didn't "unlock" the public key?
> 
> Perhaps 'pluto' is using a new set of keys now.  If you 'trust' pluto, you could just delete the record in known_hosts.  When you reconnect the client will tell you that 'pluto' is unknown, do you want to trust pluto.

the pluto entry has been removed from the clients known_hosts file.

on another note sshv1 still works, but sshv2 will not using either password or hostkey authentication.

> 
> -- 
> Cheers!
> 
> Randy
> 
> ================================================================
> Randy Arabie
> GnuPG Key Info -- 
> 
>  Fingerprint: 7E25 DFA2 EF72 9551 9C6C  8AA6 6E8C A0F5 7E33 D981
>  Key ID: 7C603AEF
>  http://www.arabie.org/keys/rrarabie.gnupg
> ================================================================