Possible known_hosts corruption
I'm using a @Host *@ section in my @~/.ssh/config@ to enable monkeysphere and I'm getting the following error when trying to ssh to a box that doesn't have a GPG pubkey (not exported to a keyserver and not on my keyring) but that has an entry in @~/.ssh/known_hosts@:
ssh_exchange_identification: Connection closed by remote host
If I execute directly monkeysphere ssh-proxycommand:
(0) rhatto@box:~ $ MONKEYSPHERE_LOG_LEVEL=debug monkeysphere ssh-proxycommand --no-connect server1.example.com 22
(1) rhatto@box:~ $
Running bash with @-x@ flag I got
(0) rhatto@box:~ $ MONKEYSPHERE_LOG_LEVEL=debug bash -x monkeysphere ssh-proxycommand --no-connect server1.example.com 22
+ set -e
++ basename monkeysphere
+ PGRM=monkeysphere
+ SYSSHAREDIR=/usr/share/monkeysphere
+ export SYSSHAREDIR
+ . /usr/share/monkeysphere/defaultenv
++ SYSCONFIGDIR=/etc/monkeysphere
++ export SYSCONFIGDIR
++ LOG_LEVEL=INFO
++ KEYSERVER=pool.sks-keyservers.net
++ CHECK_KEYSERVER=true
++ STRICT_MODES=true
++ MONKEYSPHERE_USER=monkeysphere
++ PROMPT=true
+ . /usr/share/monkeysphere/common
+ MSHAREDIR=/usr/share/monkeysphere/m
++ date -u +%FT%T
+ DATE=2010-10-05T16:51:34
+ unset GREP_OPTIONS
+ umask 077
+ GNUPGHOME=/home/rhatto/.gnupg
+ KNOWN_HOSTS=/home/rhatto/.ssh/known_hosts
+ HASH_KNOWN_HOSTS=true
+ AUTHORIZED_KEYS=/home/rhatto/.ssh/authorized_keys
+ unset CHECK_KEYSERVER
+ '[' -r /etc/monkeysphere/monkeysphere.conf ']'
+ . /etc/monkeysphere/monkeysphere.conf
+ MONKEYSPHERE_HOME=/home/rhatto/.monkeysphere
+ mkdir -p -m 0700 /home/rhatto/.monkeysphere
+ '[' -e /home/rhatto/.monkeysphere/monkeysphere.conf ']'
+ GNUPGHOME=/home/rhatto/.gnupg
+ LOG_LEVEL=debug
+ KEYSERVER=pool.sks-keyservers.net
+ '[' -z pool.sks-keyservers.net ']'
+ PROMPT=true
+ KNOWN_HOSTS=/home/rhatto/.ssh/known_hosts
+ HASH_KNOWN_HOSTS=true
+ AUTHORIZED_KEYS=/home/rhatto/.ssh/authorized_keys
+ STRICT_MODES=true
+ AUTHORIZED_USER_IDS=/home/rhatto/.monkeysphere/authorized_user_ids
+ REQUIRED_HOST_KEY_CAPABILITY=a
+ REQUIRED_USER_KEY_CAPABILITY=a
+ LOG_PREFIX='ms: '
+ export GNUPGHOME
+ mkdir -p -m 0700 /home/rhatto/.gnupg
+ export LOG_LEVEL
+ export LOG_PREFIX
+ '[' 4 -eq 0 ']'
+ COMMAND=ssh-proxycommand
+ shift
+ case $COMMAND in
+ source /usr/share/monkeysphere/m/ssh_proxycommand
+ ssh_proxycommand --no-connect server1.example.com 22
+ local hostKey
+ '[' --no-connect = --no-connect ']'
+ NO_CONNECT=true
+ shift 1
+ HOST=server1.example.com
+ PORT=22
+ '[' -z server1.example.com ']'
+ '[' -z 22 ']'
+ '[' 22 '!=' 22 ']'
+ HOSTP=server1.example.com
+ URI=ssh://server1.example.com
+ gpg_user --list-key =ssh://server1.example.com
+ '[' -r /home/rhatto/.ssh/known_hosts ']'
+ type ssh-keygen
++ ssh-keygen -F server1.example.com -f /home/rhatto/.ssh/known_hosts
+ hostKey=
(1) rhatto@box:~ $
It dies after invoking @ssh-keygen -F server.domain -f /home/rhatto/.ssh/known_hosts@. I called this command by myself and found this:
(0) rhatto@box:~ $ ssh-keygen -F server1.example.com -f /home/rhatto/.ssh/known_hosts
line 70 invalid key: [server2.example.com]:2204,[
And line 70 from ~/.ssh/known_hosts is like
[server2.example.com]:2204,[]:2204 ssh-rsa XXXXXX==
So I was trying to connect to server1 but ssh-proxycommand exits after a failure with ssh-keygen because there was an invalid host entry for server2. I don't have a clue how this "[]" got into my known_hosts file, but removing this line fixes the issue and no such bad line is added again to @known_hosts@. I have no idea what triggered the buggy output (or whether monkeysphere was responsible for it).
I enabled the @Host *@ section at @~/.ssh/config@ a few days ago after a while without using monkeysphere (previously I had just used monkeysphere a couple of times to auth into some servers, then I commented out the ssh config due to an operating system migration). Also, as additional information: a few days ago I imported the @server2.example.com@ key to monkeysphere.
I can't guess exactly when the problematic line was inserted and the best I can do is try to figure out which situation makes ssh (or monkeysphere) output "" instead of the host IP.
(from redmine: created on 2010-10-06, closed on 2010-10-07)
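
A check for the failure described in this report, where one malformed host entry made @ssh-keygen -F@ fail for an unrelated host. This is an added example, not code from monkeysphere or from the report: the function name @lint_known_hosts@ and the sample entries are constructed, and it assumes the usual known_hosts layout (optional @marker, comma-separated host patterns, key type, key).

```shell
# Added example: report known_hosts lines whose host field holds an empty
# or malformed pattern such as "[]:2204". The function name is hypothetical.
lint_known_hosts() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    {
        f = ($1 ~ /^@/) ? 2 : 1              # step over @cert-authority / @revoked
        hosts = $f
        if (substr(hosts, 1, 3) == "|1|") next   # hashed names cannot be inspected
        n = split(hosts, pat, ",")
        for (i = 1; i <= n; i++) {
            p = pat[i]; why = ""
            if (p == "")
                why = "empty pattern"
            else if (p ~ /^\[\]/)
                why = "empty host in brackets"
            else if (p ~ /^\[/ && p !~ /^\[[^]]+\](:[0-9]+)?$/)
                why = "malformed bracket pattern"
            if (why != "") {
                printf "%d: %s: %s\n", NR, why, hosts
                bad = 1
                break                        # one report per line is enough
            }
        }
    }
    END { exit bad + 0 }                     # non-zero status if anything was flagged
    ' "$1"
}

# Constructed sample: line 2 has the same shape as the bad entry in the report.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server1.example.com ssh-rsa AAAAconstructed==
[server2.example.com]:2204,[]:2204 ssh-rsa AAAAconstructed==
EOF
lint_known_hosts "$sample" || echo "malformed entries found"
rm -f "$sample"
```

Entries stored with @HASH_KNOWN_HOSTS=true@ are skipped, since a hashed host name cannot be checked for an empty pattern.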