On Fri, Jan 09, 2015 at 12:22:00 -0800, grantksupport@xxxxxxxxxxxxx wrote:
> @client
>
> as root (as before)
>
>     ssh server.DOMAIN.COM
>     Permission denied (hostbased).
>
> instead, as my user, fails differently for some reason,
>
>     ssh server.DOMAIN.COM
>     ...
>     no matching hostkey found for key ED25519 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
>     ssh_keysign: no reply
>     key_sign failed
>     Permission denied (hostbased).
>

So, that indicates that you have a problem with your client setup. Since
you are trying to use ssh from /usr/local/bin, I take it that it is a
local build. As such, some of the files may not be properly located.

You can check the location of the ssh-keysign binary by running strings
on the ssh executable and grep'ing for ssh-keysign. I expect that it
will be /usr/local/libexec/ssh-keysign. Make sure that it is setuid
root.

You can then run strings on the ssh-keysign executable and grep for
ssh_host ed25519 to confirm the expected location for the host key.
Make sure that the key can be found in the expected location, and that
the public key is world-readable, but that the private key is readable
only by root.

Note, if you do not see a reference to ssh_host_ed25519 in the above
strings output, the ssh-keysign executable is from an older distribution
that does not support ED25519. Given that possibility, you might try
adding the ECDSA key for the client to the ssh_known_hosts file on the
server.

-- 
Iain Morgan
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
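
The checks described in the reply above, collected into one script. This is an added example, not part of the original message or of OpenSSH; the function names, the uid override argument, and the assumption that the public key sits beside the private key as `<key>.pub` are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread). uid arguments default to 0 (root) and
# exist only so the checks can be exercised on test files by a non-root user.

# Print the printable strings in binary $1 that contain $2.
embedded() {
    if command -v strings >/dev/null 2>&1; then
        strings -a "$1" | grep -- "$2"
    else
        LC_ALL=C grep -a -o "[[:print:]]*$2[[:print:]]*" "$1"
    fi
}

owner_uid() { ls -ln "$1" | awk '{print $3}'; }
mode_str()  { ls -ln "$1" | awk '{print $1}'; }

# ssh-keysign must carry the setuid bit and be owned by uid $2.
keysign_ok() { [ -u "$1" ] && [ "$(owner_uid "$1")" = "${2:-0}" ]; }

# Public key $1 must be world-readable; private key $2 must be owned by
# uid $3 and not readable by group or other.
hostkey_ok() {
    case $(mode_str "$1") in ???????r*) ;; *) return 1 ;; esac
    case $(mode_str "$2") in ?r??-??-*) ;; *) return 1 ;; esac
    [ "$(owner_uid "$2")" = "${3:-0}" ]
}

# Walk the chain: ssh binary -> ssh-keysign path -> ED25519 host key path.
# Returns 0 if all checks pass, 2 if ssh-keysign predates ED25519, else 1.
audit() {
    ssh_bin=$1 uid=${2:-0}
    keysign=$(embedded "$ssh_bin" ssh-keysign | grep '^/' | head -n 1)
    [ -n "$keysign" ] || { echo "no ssh-keysign path in $ssh_bin"; return 1; }
    keysign_ok "$keysign" "$uid" || { echo "$keysign: not setuid, or wrong owner"; return 1; }
    key=$(embedded "$keysign" ssh_host_ed25519_key | grep '^/' | head -n 1)
    [ -n "$key" ] || { echo "$keysign: no ED25519 support; use the ECDSA key"; return 2; }
    hostkey_ok "$key.pub" "$key" "$uid" || { echo "$key: wrong permissions or owner"; return 1; }
    echo "ok: $keysign signs with $key"
}

if [ "$#" -gt 0 ]; then audit "$@"; fi
```

Run it as root with the path of the locally built client, for example `sh audit.sh /usr/local/bin/ssh`; exit status 2 corresponds to the older ssh-keysign case, where the ECDSA host key is the one to register on the server.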