summary: Occasional "server's host key did not match the signature supplied" difficulty: tricky: Needs many tuits. present-in: 0.55 0.56 2005-01-31 0.57 0.58
We've had several as-yet-unexplained reports of this (SSH-2
specific) error message, which may represent a bug in PuTTY or in an
SSH server, or perhaps data corruption in between. They've been
difficult to reproduce.
To determine for sure whether the problem lies in PuTTY or not, we
need extra information from a diagnostic build which we can provide,
as well as the ordinary SSH packet log.
<20040827195154.GE20058@eggnog.rc-comp.com> WinXP, 0.55, "OpenSSH_3.6.1p2 Debian 1:3.6.1p2-9" &
"OpenSSH_3.8.1p1 Debian 1:3.8.1p1-8"; problem went away on its own
after a while
Depended on where session was run from (firewall/proxy probs?)
With packet log
<200503171416120713.0B297B13@mail.liveplaylearn.com> 0.56/0.57, "OpenSSH_3.4p1"
<200503181604010835.10B29C1C@mail.liveplaylearn.com>:
Packet log and exchange hash (unfortunately this was the wrong
diagnostic)
CFB553FDAA2A5342BB3383CF908AFD4601E0D9EE@dewdfe21.wdf.sap.corp 0.58; "SSH-2.0-SAP"; connecting to 127.0.0.1:22
f3d578550505160904747bb411@mail.gmail.com 0.57; SSH server was running on port 21 in a restricted environment,
and other protocols reported corruption; this went away when moving to
port 443
<4257734F.4060406@koncar-institut.hr> 0.57, OpenSSH_3.8.1p1
<4296E722.7090106@koncar-institut.hr>:
SSH packet log with DH private value (to be analysed)
One interesting report had both this SSH-2 failure, and the SSH-1
failure "Incorrect CRC received on packet", occurring reproducibly
on the same machine, and no other. Some further digging
into the SSH-1 problem by our correspondent indicated that PuTTY's
rsaencrypt() function was playing up; and they found that
with their compiler ("Microsoft (R) 32-bit C/C++ Optimizing Compiler
Version 13.10.3077 for 80x86") adding /Od (disable all
optimisations) made the problem go away.
<20051108211710.79855.qmail@web52815.mail.yahoo.com> et seq
If you want to comment on this web site, see the
Feedback page.