X-Recipient: archive-cygwin AT delorie DOT com X-SWARE-Spam-Status: No, hits=3.8 required=5.0 tests=AWL,BAYES_50,RCVD_IN_DNSWL_NONE,TW_JM,TW_RJ X-Spam-Check-By: sourceware.org Content-Type: text/plain; charset="utf-8" User-Agent: Web-Based Email 5.5.13 Message-Id: <20110726220301.d52ff2515557dfa37b5fca37f5f74414.5482ed260b.wbe@email00.secureserver.net> From: To: cygwin AT cygwin DOT com Cc: "drj " Subject: Man-in-the-middle error on only one side. Date: Tue, 26 Jul 2011 22:03:01 -0700 Mime-Version: 1.0 Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id p6R53Q3Y004223 I've tried to research this extensively but I'm hitting a wall now. I'm running a Windows 7 64 bit I7 box with 12 gbytes. I have VMware Workstation installed and it is running VMware Studio which is a Ubuntu virtual appliance. I've installed Cygwin OpenSSH and configured it using ssh-host-config and ssh-user-config. Cygwin sshd is running as a service and the "Allow service to interact with desktop" box is checked. I AM able to connect via ssh and also to scp files to VMware Studio. However, I am NOT ABLE to connect via ssh from VMware Studio to the windows box. There are 3 data sections below that will hopefully describe the problem: - The verbose output from the SSH command attempt: (VMware -> Windows) - The Windows event data generated by that attempt - The ssh-keygen data for each side of the connection 1. SSH COMMAND VERBOSE OUTPUT DATA root AT VMwareStudio:~# more sshLog.txt OpenSSH_4.7p1 Debian-8ubuntu1.2, OpenSSL 0.9.8g 19 Oct 2007 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug1: Connecting to 192.168.1.120 [192.168.1.120] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: identity file /root/.ssh/identity type -1 debug1: identity file /root/.ssh/id_rsa type 1 debug1: identity file /root/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8 debug1: match: OpenSSH_5.8 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1.2 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-cbc hmac-md5 none debug1: kex: client->server aes128-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed. The fingerprint for the RSA key sent by the remote host is 44:92:ae:a4:32:51:06:bc:59:89:f3:be:38:53:54:52. Please contact your system administrator. Add correct host key in /root/.ssh/known_hosts to get rid of this message. Offending key in /root/.ssh/known_hosts:3 Password authentication is disabled to avoid man-in-the-middle attacks. Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks. debug1: ssh_rsa_verify: signature correct debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: SSH2_MSG_SERVICE_REQUEST sent debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey,password,keyboard-interactive debug1: Next authentication method: publickey debug1: Trying private key: /root/.ssh/identity debug1: Offering public key: /root/.ssh/id_rsa Connection closed by 192.168.1.120 root AT VMwareStudio:~# 2. EVENT LOG DATA Log Name: Application Source: sshd Date: 7/26/2011 8:49:46 PM Event ID: 0 Task Category: None Level: Error Keywords: Classic User: SYSTEM Computer: drjmgh-PC Description: The description for Event ID 0 from source sshd cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: sshd: PID 8608: fatal: seteuid 1020: Permission denied Event Xml: 0 2 0 0x80000000000000 8201 Application drjmgh-PC sshd: PID 8608: fatal: seteuid 1020: Permission denied 3. SSH-KEYGEN DATA a. The authorized_keys and known_hosts files on the VMware side. root AT VMwareStudio:~/.ssh# more authKeys.txt 2048 44:92:ae:a4:32:51:06:bc:59:89:f3:be:38:53:54:52 authorized_keys root AT VMwareStudio:~/.ssh# root AT VMwareStudio:~/.ssh# more knownHosts.txt 2048 44:92:ae:a4:32:51:06:bc:59:89:f3:be:38:53:54:52 known_hosts root AT VMwareStudio:~/.ssh# b. The Windows side. This is the /etc/ssh_host_rsa_key.pub file. I added this key since the ssh command output above indicated that this is the key that it is looking for. vmware_studiouser AT drjmgh-PC /etc $ ssh-keygen -lf ssh_host_rsa_key.pub 2048 44:92:ae:a4:32:51:06:bc:59:89:f3:be:38:53:54:52 ssh_host_rsa_key.pub (RSA) Thanks for any help that you can provide. Don Johnson -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple