# ssh error on user accounts [workaround found]

## flickerfly

I deleted ~/.ssh, but am still getting the following error.

```
ssh_askpass: exec(/usr/lib/misc/ssh-askpass): No such file or directory

Host key verification failed.
```

I can ssh successfully as root. I don't have any other accounts on the box atm. Also, askpass is not installed, only ssh. This just showed up after returning to work after the weekend.

```
>> emerge -s askpass

Searching...   

[ Results for search key : askpass ]

[ Applications found : 2 ]

 

*  net-misc/gtk2-ssh-askpass

      Latest version available: 0.3

      Latest version installed: [ Not Installed ]

      Size of downloaded files: 13 kB

      Homepage:    http://www.cgabriel.org/sw/gtk2-ssh-askpass/

      Description: A small SSH Askpass replacement written with GTK2.

*  net-misc/x11-ssh-askpass

      Latest version available: 1.2.2-r1

      Latest version installed: [ Not Installed ]

      Size of downloaded files: 28 kB

      Homepage:    http://www.liquidmeme.net/software/x11-ssh-askpass/

      Description: X11-based passphrase dialog for use with OpenSSH

```

I used which to check to make sure root and I are running the same binary and they are both at /usr/bin/ssh. Anyone have any other ideas for me?

----------

## ariejan

ssh as root is bad. Add a normal user account, and just ssh to the box. I don't know, but I've never in my life used ask-pass.

----------

## flickerfly

I've never used askpass either and never ssh from root, except that I was troubleshooting here. It is unrealistic to switch users each time I want to ssh to another box. That changes permissions of the user and thereby means I have to re-chmod all my files what I want to send over the connection with scp which is a large part of what I do with ssh. 

I need to know what the problem is. I've got work arounds.

----------

## Jaxom

I would try adding a new user to the box and trying to ssh with the new account.  That will aleast narrow it down a little.  It's possible it's something in your specific user account.

I'm not the best diagnostician though, just thought I'd offer a suggestion as to where I would look first  :Smile: 

----------

## flickerfly

I broke down and created another account. This one has the same problem. It's a fresh account. Never been used. I'm left thinking it is a problem for all regular users. I also unmerge'd and re-merge'd openssh and that had no affect on the issue. (yes I ran etc-update also)

----------

## UberLord

ask-pass afaik is a virtual program for an X based password entry for ssh

If you're seeing this then you aren't doing anything ssh from a console.

Try emerging gtk2-ssh-askpass

----------

## flickerfly

I emerged x11-ask-pass which is equivalent and it made no change in the issue. I've also created the file and chmod'd it 777. This resulted in the error Host key verification failed.

----------

## UberLord

You need to log out before and login before trying it as it sets an environment variable

----------

## flickerfly

*bang* You've figured out a work around for me that I'm glad to have.  :Very Happy: 

I'd rather do without this ugly GUI stuff though. I'm quite comfortable with the CLI. Any idea on how to take care of that?

----------

## merkaba

has anyone found a *fix* for this?

i've got a similar problem sometime after moving to kernel 2.6 and udev.

root has no problem using ssh and regular terminal windows work fine.

as a regular user ssh -vvv hostname.com ends with:

```

debug3: authmethod_lookup password

debug3: remaining preferred:

debug3: authmethod_is_enabled password

debug1: Next authentication method: password

ssh_askpass: exec(/usr/lib/misc/ssh-askpass): No such file or directory

debug1: Calling cleanup 0x8067b14(0x0)

debug3: packet_send2: adding 64 (len 52 padlen 12 extra_pad 64)

debug2: we sent a password packet, wait for reply

Write failed: Broken pipe

debug1: Calling cleanup 0x8067b14(0x0)

```

as root i get the "root@hostname.com's password:" prompt as expected right after the "debug1: Next authentication method: password" line.

----------

## merkaba

found the problem. 

this fixed it:

```
chmod 660 /dev/tty
```

had to take a look at the openssh source to understand what was going on.

line 111 of readpass.c does "ttyfd = open(_PATH_TTY, O_RDWR);" and in defines.h "# define _PATH_TTY "/dev/tty".

----------

## flickerfly

 *merkaba wrote:*   

> found the problem. 
> 
> this fixed it:
> 
> ```
> ...

 

Thanks merkaba!

----------

## MKhaos7

I was having the same problem here. But jsut the 

```
chmod 660 /dev/tty
```

dind't solve. But i came up with two solutions:

```
 chmod 666 /dev/tty 
```

or, use the 660 and put my user in the tty group.

I'm currently using the second one. Which do you guys thing is the more secure?!

----------

## flickerfly

Well, no doubt 666 is less secure simply because it's opening up the world, in addition to owner and group to read and write permissions on something (doesn't matter much what it is). Theoretically you could do 060 as long as everyone that needed console access was in the group (or was root). In practice leaving off the owner could be a bit of a risk, but I would think if it is set to owner of root it would be no big deal. All that to say, if you can get away with 660 than I would just in case. If your owner is set to root the owner settings are somewhat inconsequential, as far as I can tell.

----------

## g3n

gtk2-ssh-askpass doesnt create  /usr/lib/misc/ssh-askpass

and kdevelop needs it. I had to install x11-ssh-askpass instead

----------

## karnesky

 *g3n wrote:*   

> gtk2-ssh-askpass doesnt create  /usr/lib/misc/ssh-askpass
> 
> and kdevelop needs it. I had to install x11-ssh-askpass instead

 I know this is an old thread, but someone else might benefit from it.  You can still use the gtk2 version if you prefer it.  Just do a:

```
ln /usr/bin/gtk2-ssh-askpass ssh-askpas /usr/lib/misc/ssh-askpass
```

----------

## Chaos

well everyone seems to have moved on from this one, but I am on another computer and don't like the emerge x11-ssh-askpass fix, so here's the fix if anyone wants it:

for whatever reason openssh can't access /dev/tty anymore so I found the best fix to be

```
chown root:users /dev/tty
```

hopefully this will help someone!   :Very Happy: 

----------

## justanothergentoofanatic

Won't that allow any user to display anything on any other user's console?

-Mike

----------

## Loial

I'm rather hesitant to change the permissions on /dev/tty

it now says

crw-rw----  1 root tty  5, 0 Jan 23 18:02 /dev/tty

and i'm not in the tty group

changing permissions or group shouldn't be needed to just use ssh, right?!

btw, I can ssh fine to a machine that grants me acces because my public key is in it's authorized_keys2 file, but when it is not, I get the error about ssh_askpass

----------

## nilbus

This soved my problem with the Host Key Verification Failed error:

```
chmod 666 /dev/tty /dev/ptmx
```

On all my other gentoo boxes, these are the permissions those two files had.

----------

## nadir-san

```
chown root:tty /dev/tty
```

and ur user in the tty group obviously

----------

## cazort

I recently had this problem arise after updating a variety of packages on my system.  This thread seems to have been long since dead, but oddly, everything applied here, but with some twists--I was able to get it working by "chmod 666 /dev/tty".  However, it didn't work to add my user to the tty group.

I agree this is not a great security thing.  It doesn't matter on THIS machine because it's a desktop, but as a matter of principle...I want to know how to do this the "right" way.

Also, this begs the question, WHY THE HECK DID IT BREAK IN THE FIRST PLACE?

I don't do anything radically weird to this system I'm working on...something as fundamental as ssh SHOULD NOT BREAK, under any circumstances.  While experienced users like us seemed to figure this out pretty easily...I wouldn't exactly say this would have been a piece of cake for a newbie.  Is there any way we could look into this to figure out the actual cause--did some package update change the permissions?  Was it a new version of ssh that was the problem?  I dunno...something seems worthy of reporting something (not sure what) to bugs.gentoo.org.  Just not sure exactly what to say...obviously we were able to "fix" it.  But the point is, it should not have broken.

----------

## m4chine

 *Chaos wrote:*   

> well everyone seems to have moved on from this one, but I am on another computer and don't like the emerge x11-ssh-askpass fix, so here's the fix if anyone wants it:
> 
> for whatever reason openssh can't access /dev/tty anymore so I found the best fix to be
> 
> ```
> ...

 

Thanks Chaos, this solved it for me. Cheers!

----------

