
[Bug 872] SSH client fails for non-root users with "Host key verification failed"
http://bugzilla.mindrot.org/show_bug.cgi?id=872

Summary: SSH client fails for non-root users with "Host key
verification failed"
Product: Portable OpenSSH
Version: 3.8.1p1
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: ssh
AssignedTo: openssh-bugs@mindrot.org
ReportedBy: bugzilla.mindrot.org@foxtail.org


Attempting to open an ssh session to any remote host fails when attempted by a
non-root user. The error message is

ssh_askpass: exec(/usr/lib/misc/ssh-askpass): No such file or directory
Host key verification failed.

Yes, ssh-askpass is not installed as the client system is not running X. When
the root user executes the same command (ssh remoteuser@remotehost) the ssh
client displays the password prompt on stdout, accepts the password on stdin,
and opens the session successfully. I've seen evidence that others are
encountering this problem:

http://www.derkeiler.com/Mailing-Lists/securityfocus/Secure_Shell/2003-11/0016.html

and
http://lists.debian.org/debian-ssh/2004/04/msg00058.html



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

------- Additional Comments From mouring@eviladmin.org 2004-05-24 05:26 -------
I would check to see if "SSH_ASKPASS" and "DISPLAY" are set.



------- Additional Comments From bugzilla.mindrot.org@foxtail.org 2004-05-24 06:16 -------
The "Host key verification failed" message persists even after DISPLAY is unset.
Here's a transcript of a session showing the error messages with and without
DISPLAY set, and a successful Password: prompt when run as root. (I can attach
output of ssh -vvv if it would be helpful.)

Script started on Sun May 23 13:05:27 2004
[MY_USERNAME@epic] ~ [501]$ echo $DISPLAY

[MY_USERNAME@epic] ~ [502]$ echo $SSH_ASKPASS

[MY_USERNAME@epic] ~ [503]$ ssh grace.speakeasy.net
Host key verification failed.
[MY_USERNAME@epic] ~ [504]$ DISPLAY=:0 ssh grace.speakeasy.net
ssh_askpass: exec(/usr/lib/misc/ssh-askpass): No such file or directory
Host key verification failed.
[MY_USERNAME@epic] ~ [505]$ su
Password:
[root@epic] /home/MY_USERNAME [500]$ echo $DISPLAY

[root@epic] /home/MY_USERNAME [501]$ echo $ASKPASS

[root@epic] /home/MY_USERNAME [502]$ ssh MY_USERNAME@grace.speakeasy.net
Password:
[root@epic] /home/MY_USERNAME [503]$ exit
[MY_USERNAME@epic] ~ [506]$
Script done on Sun May 23 13:06:24 2004



------- Additional Comments From mouring@eviladmin.org 2004-05-24 06:43 -------
Sounds like you have a bad .ssh/known_hosts entry. Compare the entry with that of root's. I suspect
you'll find them to be different.



------- Additional Comments From bugzilla.mindrot.org@foxtail.org 2004-05-24 08:23 -------
Negative, there is no ~/.ssh/known_hosts file at all. I confirmed that it
applies to all non-root accounts by creating a new user and trying to ssh as that
new user -- same thing.



------- Additional Comments From dtucker@zip.com.au 2004-05-24 09:10 -------
Does /dev/tty exist and does it have the correct permissions?
$ ls -l /dev/tty
crw-rw-rw- 1 root root 5, 0 May 12 13:29 /dev/tty




------- Additional Comments From bugzilla.mindrot.org@foxtail.org 2004-05-24 13:27 -------
/dev/tty is mode 660 rather than 666 as shown below:

[root@epic] ~ [504]$ ls -l /dev/tty
crw-rw---- 1 root root 5, 0 Dec 31 1969 /dev/tty

Could the difference in permissions be a BSD vs. Linux issue? I've never
changed any permissions in /dev so they were determined by the Gentoo
maintainers. When I changed the permissions to 666 the problem was resolved,
however I'm curious if they were originally set to 660 for a good reason.

Also, a Google search using some keywords from the previous comment reveals that
this bug appears to be a duplicate of bug 471 for which a patch has been
submitted. For now I've changed permissions on /dev/tty which has resolved the
issue -- thanks to everyone for your assistance.





dtucker@zip.com.au changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |DUPLICATE



------- Additional Comments From dtucker@zip.com.au 2004-05-24 13:36 -------
No, a mode 660 /dev/tty is not a BSD/Linux thing, it's just wrong, and if
Gentoo's installer makes it that way then it's buggy.

*** This bug has been marked as a duplicate of 471 ***
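
The checks suggested in this thread, collected into one script. This is an added example, not part of the original bug report or of OpenSSH; the function names are made up here, and the mode strings in the comments are the two `ls -l` outputs quoted above.

```sh
#!/bin/sh
# classify_tty_mode MODESTRING
# MODESTRING is the first column of `ls -l`, e.g. "crw-rw-rw-" (working)
# or "crw-rw----" (the mode 660 case reported in this bug).
# Prints ok, not-chardev or no-other-rw; returns 0 only for ok.
classify_tty_mode() {
    case "$1" in
        c*) ;;
        *) echo "not-chardev"; return 1 ;;
    esac
    # Characters 8-9 are the read and write bits for "other" users.
    other_rw=$(printf '%s' "$1" | cut -c8-9)
    if [ "$other_rw" = "rw" ]; then
        echo "ok"; return 0
    fi
    echo "no-other-rw"; return 1
}

# check_tty PATH: run the classification against a real device node.
check_tty() {
    dev=$1
    if [ ! -e "$dev" ]; then
        echo "$dev: missing"; return 1
    fi
    mode=$(ls -ld "$dev" | cut -d' ' -f1)
    verdict=$(classify_tty_mode "$mode") && status=0 || status=$?
    echo "$dev: mode $mode -> $verdict"
    return "$status"
}

# askpass_configured: the first suggestion in the thread. Returns 0 if
# DISPLAY or SSH_ASKPASS is set to a non-empty value.
askpass_configured() {
    [ -n "${DISPLAY:-}" ] || [ -n "${SSH_ASKPASS:-}" ]
}

# Report on the real device (or a path given as the first argument).
if askpass_configured; then
    echo "DISPLAY or SSH_ASKPASS is set"
else
    echo "neither DISPLAY nor SSH_ASKPASS is set"
fi
check_tty "${1:-/dev/tty}" || echo "non-root users cannot use this device as a terminal"
```

Run it as the affected non-root user; on the reporter's system it would have printed `no-other-rw` for /dev/tty until the mode was changed to 666.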


