# Problems connecting openssh client to ssh.com server

## hbp4c

I have been having a small problem with ssh2 on my gentoo machine.  I have compiled openssh-3.4_p1-r1 and i can ssh into any other openssh box, but when i try to connect to one of my servers that runs ssh.com's ssh2 daemon, i get an error:

```
key_verify failed for server_host_key
```

The output of ssh -vv is as follows:

```
hbp4c@Murphy .ssh $ ssh holmes.acc -vv

OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090604f

debug1: Reading configuration data /etc/ssh/ssh_config

debug1: Rhosts Authentication disabled, originating port will not be trusted.

debug1: ssh_connect: needpriv 0

debug1: Connecting to holmes.acc [128.143.12.45] port 22.

debug1: Connection established.

debug1: identity file /home/hbp4c/.ssh/identity type 0

debug2: key_type_from_name: unknown key type '-----BEGIN'

debug2: key_type_from_name: unknown key type 'Proc-Type:'

debug2: key_type_from_name: unknown key type 'DEK-Info:'

debug2: key_type_from_name: unknown key type '-----END'

debug1: identity file /home/hbp4c/.ssh/id_rsa type 1

debug2: key_type_from_name: unknown key type '-----BEGIN'

debug2: key_type_from_name: unknown key type 'Proc-Type:'

debug2: key_type_from_name: unknown key type 'DEK-Info:'

debug2: key_type_from_name: unknown key type '-----END'

debug1: identity file /home/hbp4c/.ssh/id_dsa type 2

debug1: Remote protocol version 1.99, remote software version 3.0.1 SSH Secure Shell (non-commercial)

debug1: match: 3.0.1 SSH Secure Shell (non-commercial) pat 3.0.*

Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_3.4p1

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit: ssh-rsa,ssh-dss

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

debug2: kex_parse_kexinit: none

debug2: kex_parse_kexinit: none

debug2: kex_parse_kexinit: 

debug2: kex_parse_kexinit: 

debug2: kex_parse_kexinit: first_kex_follows 0 

debug2: kex_parse_kexinit: reserved 0 

debug2: kex_parse_kexinit: diffie-hellman-group1-sha1

debug2: kex_parse_kexinit: ssh-dss

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,twofish128-cbc,twofish-cbc,arcfour,cast128-cbc,aes192-cbc,aes256-cbc,twofish192-cbc,twofish256-cbc,none

debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,twofish128-cbc,twofish-cbc,arcfour,cast128-cbc,aes192-cbc,aes256-cbc,twofish192-cbc,twofish256-cbc,none

debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,none

debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,none

debug2: kex_parse_kexinit: none,zlib

debug2: kex_parse_kexinit: none,zlib

debug2: kex_parse_kexinit: 

debug2: kex_parse_kexinit: 

debug2: kex_parse_kexinit: first_kex_follows 0 

debug2: kex_parse_kexinit: reserved 0 

debug2: mac_init: found hmac-md5

debug1: kex: server->client aes128-cbc hmac-md5 none

debug2: mac_init: found hmac-md5

debug1: kex: client->server aes128-cbc hmac-md5 none

debug1: dh_gen_key: priv key bits set: 138/256

debug1: bits set: 490/1024

debug1: sending SSH2_MSG_KEXDH_INIT

debug1: expecting SSH2_MSG_KEXDH_REPLY

debug1: Host 'holmes.acc.virginia.edu' is known and matches the DSA host key.

debug1: Found key in /home/hbp4c/.ssh/known_hosts:1

debug1: bits set: 527/1024

debug1: ssh_dss_verify: signature incorrect

key_verify failed for server_host_key

debug1: Calling cleanup 0x80689e0(0x0)

```

Any ideas?

If I use

```
 ssh -1 holmes.acc
```

 everything is fine, showing that version 1 works fine.  

Many thanks ahead of time for everyone's help.

Howard :Cool: 

----------

## jooly

I am having the same problem.  Output from ssh -2v attempting to connect to a server running ssh2 is as follows:

OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090604f

debug1: Reading configuration data /etc/ssh/ssh_config

debug1: Rhosts Authentication disabled, originating port will not be trusted.

debug1: ssh_connect: needpriv 0

debug1: Connecting to saltine.berkeley.edu [128.32.92.75] port 22.

debug1: Connection established.

debug1: identity file /home/jwalters/.ssh/id_rsa type -1

debug1: identity file /home/jwalters/.ssh/id_dsa type -1

debug1: Remote protocol version 1.99, remote software version 3.1.0 SSH Secure S                   hell (non-commercial)

debug1: no match: 3.1.0 SSH Secure Shell (non-commercial)

Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_3.4p1

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug1: kex: server->client aes128-cbc hmac-md5 none

debug1: kex: client->server aes128-cbc hmac-md5 none

debug1: dh_gen_key: priv key bits set: 135/256

debug1: bits set: 510/1024

debug1: sending SSH2_MSG_KEXDH_INIT

debug1: expecting SSH2_MSG_KEXDH_REPLY

debug1: Host 'saltine.berkeley.edu' is known and matches the DSA host key.

debug1: Found key in /home/jwalters/.ssh/known_hosts:2

debug1: bits set: 547/1024

debug1: ssh_dss_verify: signature incorrect

key_verify failed for server_host_key

debug1: Calling cleanup 0x80689a0(0x0)

I'm stumped!  Thanks in advance for any advice you can give!

Julie

----------

## hyperstation

i'm having the same trouble here with the same version. is there a fix for this, ssh-kegen didn't seem to help much...

----------

## hbp4c

I was looking into the problem futher and ran across this thread on another discussion board.  

http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=102512622307548&w=2

I had thought about posting a bug on bugs.gentoo.org but this problem seems to be common among other distro's also.  Therefore, I guess ill keep looking around until I find a good solution and pass it along here.

If anyone sees any good suggestions in the meantime, please let me know.  Im open to experimentation at the moment.   :Twisted Evil: 

Thanks

Howard

----------

