"Host key verification failed" despite deleting known_hosts

2

I know what this error means, and I usually remove that entry from the known_hosts file and get on with it (when I know why the verification fails).

This time I still got the error after removing the specific entry for the host from known_hosts, so I removed all entries and still got the error, so I removed the whole known_hosts file and still got the error?!

I ran into this problem on all hosts.

I just moved .ssh to .ssh-bak, copied my keys into the new directory, and still got the error.

What is causing this?

$ ssh -vvv [email protected]
OpenSSH_7.3p1, LibreSSL 2.4.1
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug2: resolving "github.com" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to github.com [192.30.253.113] port 22.
debug1: Connection established.
debug1: identity file /Users/herbert/.ssh/id_rsa type 1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/herbert/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/herbert/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/herbert/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/herbert/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/herbert/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/herbert/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /Users/herbert/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.3
debug1: Remote protocol version 2.0, remote software version libssh-0.7.0
debug1: no match: libssh-0.7.0
debug2: fd 5 setting O_NONBLOCK
debug1: Authenticating to github.com:22 as 'git'
debug3: hostkeys_foreach: reading file "/Users/herbert/.ssh/known_hosts"
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: [email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected],zlib
debug2: compression stoc: none,[email protected],zlib
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: [email protected],ecdh-sha2-nistp256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: host key algorithms: ssh-dss,ssh-rsa
debug2: ciphers ctos: [email protected],aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc
debug2: ciphers stoc: [email protected],aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc
debug2: MACs ctos: hmac-sha1,hmac-sha2-256,hmac-sha2-512
debug2: MACs stoc: hmac-sha1,hmac-sha2-256,hmac-sha2-512
debug2: compression ctos: none,zlib,[email protected]
debug2: compression stoc: none,zlib,[email protected]
debug2: languages ctos: 
debug2: languages stoc: 
debug2: first_kex_follows 0 
debug2: reserved 0 
debug1: kex: algorithm: [email protected]
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ssh-rsa SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8
debug3: hostkeys_foreach: reading file "/Users/herbert/.ssh/known_hosts"
debug3: hostkeys_foreach: reading file "/Users/herbert/.ssh/known_hosts"
Host key verification failed.

$ ssh -G github.com
user herbert
hostname github.com
port 22
addressfamily any
batchmode yes
canonicalizefallbacklocal yes
canonicalizehostname false
challengeresponseauthentication yes
checkhostip yes
compression no
controlmaster false
enablesshkeysign no
clearallforwardings no
exitonforwardfailure no
fingerprinthash SHA256
forwardagent no
forwardx11 no
forwardx11trusted no
gatewayports no
gssapiauthentication no
gssapidelegatecredentials no
hashknownhosts no
hostbasedauthentication no
identitiesonly no
kbdinteractiveauthentication yes
nohostauthenticationforlocalhost no
passwordauthentication yes
permitlocalcommand no
protocol 2
proxyusefdpass no
pubkeyauthentication yes
requesttty auto
rhostsrsaauthentication no
rsaauthentication yes
streamlocalbindunlink no
stricthostkeychecking ask
tcpkeepalive yes
tunnel false
useprivilegedport no
verifyhostkeydns false
visualhostkey no
updatehostkeys false
canonicalizemaxdots 1
compressionlevel 6
connectionattempts 1
forwardx11timeout 1200
numberofpasswordprompts 3
serveralivecountmax 3
serveraliveinterval 0
ciphers [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
hostkeyalgorithms [email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
hostbasedkeytypes [email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
kexalgorithms [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
loglevel INFO
macs [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
pubkeyacceptedkeytypes [email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
xauthlocation xauth
identityfile ~/.ssh/id_rsa
identityfile ~/.ssh/id_dsa
identityfile ~/.ssh/id_ecdsa
identityfile ~/.ssh/id_ed25519
canonicaldomains
globalknownhostsfile /etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts2
userknownhostsfile ~/.ssh/known_hosts ~/.ssh/known_hosts2
sendenv LANG
sendenv LC_*
connecttimeout none
tunneldevice any:any
controlpersist no
escapechar ~
ipqos lowdelay throughput
rekeylimit 0 0
streamlocalbindmask 0177

Almost everything in dev has these permissions:

0 crw-rw-rw- 1 root wheel 2, 0 22 Mar 10:07 tty 

Could these 4 have something to do with this?

0 crw--w---- 1 herbert tty 16, 0 12 Mar 12:55 ttys000 
0 crw--w---- 1 herbert tty 16, 1 22 Mar 15:12 ttys001 
0 crw--w---- 1 herbert tty 16, 2 22 Mar 15:14 ttys002 
0 crw--w---- 1 herbert tty 16, 3 22 Mar 17:44 ttys003 
0 crw--w---- 1 herbert tty 16, 4 22 Mar 17:44 ttys004


$ ls -lsa ~/.ssh
total 24 
0 drwx------ 5 herbert staff 170 22 Mar 15:39 . 
0 drwxr-xr-x+ 114 herbert staff 3876 22 Mar 15:29 .. 
8 -rw------- 1 herbert staff 1675 22 Mar 15:31 id_rsa 
8 -rw-r--r-- 1 herbert staff 414 22 Mar 15:31 id_rsa.pub 
8 -rw-r--r-- 1 herbert staff 848 22 Mar 16:42 known_hosts
    
asked by Copenhagen 22.03.2017 - 20:27
source

3 answers

0

Since Sierra removed permissions repair, I could only try disk repair which, although successful, did not fix the problem. Although less satisfying than finding the cause would have been, rebooting into recovery mode and reinstalling Sierra removed the problem.

    
answered 27.03.2017 - 14:44
source
0

(from chat) As a workaround, you can download the public key from GitHub using

ssh-keyscan github.com > ~/.ssh/known_hosts

But I am out of ideas about what the underlying problem is, since both the configuration and the debug logs look interesting to me.

    
answered 22.03.2017 - 21:51
source
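
ssh-keyscan output is unauthenticated, so a scanned key should be compared with a fingerprint obtained out of band (the same value ssh prints on the "Server host key" debug line) before it is written to known_hosts. The check below is an added example, not part of the original answers; the helper names, the host example.test and the key material are constructed for illustration.

```python
import base64
import hashlib

def sha256_fingerprint(key_b64):
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the raw key blob."""
    blob = base64.b64decode(key_b64, validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def vetted_known_hosts(scan_output, host, trusted_fps):
    """Keep only the scanned lines for `host` whose key matches a trusted fingerprint."""
    accepted = []
    for raw in scan_output.splitlines():
        line = raw.strip()
        # Skip blanks, comments and marker lines (@cert-authority, @revoked).
        if not line or line[0] in "#@":
            continue
        fields = line.split()
        if len(fields) < 3:
            continue
        names, keytype, key_b64 = fields[:3]
        if host not in names.split(","):
            continue
        try:
            fingerprint = sha256_fingerprint(key_b64)
        except ValueError:  # malformed base64 is never trusted
            continue
        if fingerprint in trusted_fps:
            accepted.append(f"{names} {keytype} {key_b64}")
    return accepted

def sample_key(fill):
    """Constructed ssh-ed25519 public key blob (not a real host key)."""
    blob = b"\x00\x00\x00\x0bssh-ed25519" + b"\x00\x00\x00\x20" + fill * 32
    return base64.b64encode(blob).decode()

if __name__ == "__main__":
    expected, unexpected = sample_key(b"\x01"), sample_key(b"\x02")
    # Constructed stand-in for `ssh-keyscan example.test` output.
    scan = (f"# constructed scan output\n"
            f"example.test ssh-ed25519 {expected}\n"
            f"example.test ssh-ed25519 {unexpected}\n")
    # In practice this set holds fingerprints obtained out of band.
    trusted = {sha256_fingerprint(expected)}
    for entry in vetted_known_hosts(scan, "example.test", trusted):
        print(entry)  # only these lines are safe to append to known_hosts
```
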
0

Is it possible this answer solves your problem? Replicated here in the interest of completeness:

Try sudo chmod 666 /dev/tty to assign the appropriate permissions to /dev/tty, which may have been inadvertently changed. If you want to check beforehand, you can ls -la /dev/tty to see the current permissions and whether they are already rw-rw-rw.

    
answered 22.03.2017 - 22:43
source
