SSH issue

Unanswered Question
May 22nd, 2007

This is after deleting the previously stored key from /home/myid/.ssh/known_hosts.

    debug1: sending SSH2_MSG_KEXDH_INIT
    debug1: expecting SSH2_MSG_KEXDH_REPLY
    debug3: check_host_in_hostfile: filename /home/myid/.ssh/known_hosts
    debug3: check_host_in_hostfile: filename /etc/ssh_known_hosts
    debug3: check_host_in_hostfile: filename /home/myid/.ssh/known_hosts
    debug3: check_host_in_hostfile: filename /etc/ssh_known_hosts
    debug3: check_host_in_hostfile: filename /home/myid/.ssh/known_hosts
    debug3: check_host_in_hostfile: filename /etc/ssh_known_hosts
    debug2: no key of type 0 for host router1
    debug3: check_host_in_hostfile: filename /home/myid/.ssh/known_hosts2
    debug3: check_host_in_hostfile: filename /etc/ssh_known_hosts2
    debug3: check_host_in_hostfile: filename /home/myid/.ssh/known_hosts
    debug3: check_host_in_hostfile: filename /etc/ssh_known_hosts
    debug2: no key of type 2 for host router1
    The authenticity of host 'router1 (10.1.5.9)' can't be established.
    RSA key fingerprint is 22:e3:6d:c1:12:be:0e:63:4c:77:0c:b5:67:74:c5:ae.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added 'router1,10.1.5.9' (RSA) to the list of known hosts.
    debug2: bits set: 507/1024
    RSA_public_decrypt failed: error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01
    debug1: ssh_rsa_verify: signature incorrect
    key_verify failed for server_host_key
    debug1: Calling cleanup 0x2d2e4(0x0)

There's no hardware change on the Cisco device.

"show cryp key mypubkey rsa" looks fine.

Never mind, turns out no SSH server is running on the router.

Joe Clarke Tue, 05/22/2007 - 11:47

Just FYI, when troubleshooting SSH, the first thing I typically do is telnet to TCP port 22 on the target device. This allows me to confirm, first, that SSH is running, and second what protocol version is being used:

1.5 : The device only supports SSHv1

1.99 : The device supports both SSHv1 and SSHv2 (RME will use SSHv2 to communicate with the device)

2.0 : The device only supports SSHv2
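The check described above, scripted as an added example that is not part of the original post: it reads the identification string a server sends on the SSH port and maps the version field to the three cases listed. The function names and the sample banners are constructed for illustration.

```python
import socket

# Protocol field of "SSH-<proto>-<software>", with the meanings given in the post above.
PROTO_MEANING = {"1.5": "SSHv1 only", "1.99": "SSHv1 and SSHv2", "2.0": "SSHv2 only"}

def parse_banner(data: bytes):
    """Return (proto, software, meaning) from bytes read on the SSH port, or None."""
    for raw in data.splitlines():
        line = raw.decode("ascii", errors="replace").strip()
        # RFC 4253 allows other text lines before the identification string.
        if not line.startswith("SSH-"):
            continue
        parts = line.split("-", 2)
        if len(parts) < 3 or not parts[1]:
            return None  # truncated identification string
        software = parts[2].split(" ", 1)[0]  # drop optional trailing comments
        return parts[1], software, PROTO_MEANING.get(parts[1], "unrecognized version")
    return None  # something answered, but it did not identify itself as SSH

def probe(host: str, port: int = 22, timeout: float = 5.0):
    """Connect as 'telnet host 22' would and read the identification string."""
    buf = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            while len(buf) < 4096:
                start = buf.find(b"SSH-")
                if start != -1 and b"\n" in buf[start:]:
                    break  # a complete identification line has arrived
                try:
                    chunk = s.recv(256)
                except OSError:
                    break  # silent peer (timeout) or reset: keep what we have
                if not chunk:
                    break  # peer closed the connection
                buf += chunk
    except OSError as exc:
        # Refused, unreachable or timed out: nothing accepted the connection.
        return {"listening": False, "banner": None, "error": str(exc)}
    return {"listening": True, "banner": parse_banner(buf), "error": None}

if __name__ == "__main__":
    # Constructed sample banners, not captured from the router in this thread.
    for sample in (b"SSH-1.99-Cisco-1.25\r\n", b"SSH-2.0-Cisco-1.25\n", b"login: "):
        print(sample, "->", parse_banner(sample))
```

A result with `listening` true and `banner` None means the port accepted the connection but never sent an SSH identification string.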

yjdabear Tue, 05/22/2007 - 11:50

In this case, it's answering on port 22, but "show ssh" indicates there's no SSHv1 or v2 server running.

%No SSHv2 server connections running.

%No SSHv1 server connections running.

lpsnetwork Wed, 12/30/2015 - 11:01

The issue : RSA_public_decrypt failed: error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01
key_verify failed for server_host_key

is related to the Cisco router. The RSA keys are corrupted and you cannot connect to the router with an SSH client in SSH V2.

To fix it:

  • Enable telnet access on the router

    enable

    conf t
    line vty 0 4
    logging synchronous
    length 0
    transport input telnet ssh
    line vty 5 15
    logging synchronous
    transport input telnet ssh

  • Delete the RSA key present on the router through the telnet access

    enable
    conf t
    ! remove the existing (corrupted) RSA key pair
    crypto key zeroize rsa

  • Add a domain name on the router

    enable
    conf t
    ip domain-name XXX.YYY.com

  • Create a new RSA key pair

    enable
    conf t
    ! generate a new 2048-bit RSA key pair
    crypto key generate rsa modulus 2048

  • Reboot the router
