Could not load host key: ..., but keys exist. - SSH

  1. Could not load host key: ..., but keys exist.

    I've been searching on Google to find a solution, but nothing helps.

    I've set up openssh on Debian Etch, by typing apt-get install
    openssh-server openssh-client. I could log on to the server from a remote
    computer (connection reset by peer), until I re-generated the public ssh keys.

    I re-generated them in this way:
    ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
    ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
    when prompted for password, I typed a custom password.

    But now sshd won't load
    Could not load host key: /etc/ssh/ssh_host_rsa_key
    Could not load host key: /etc/ssh/ssh_host_dsa_key

    I have a clue that something is wrong with key files.

    How to fix? :/

    Files attached:
    sshd debug: -->


    /usr/sbin/sshd -d -d -d
    debug2: load_server_config: filename /etc/ssh/sshd_config
    debug2: load_server_config: done config len = 755
    debug2: parse_server_config: config /etc/ssh/sshd_config len 755
    debug1: sshd_version OpenSSH_4.3p2 Debian-9
    debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
    debug1: PEM_read_PrivateKey failed
    debug1: read PEM private key done: type
    Could not load host key: /etc/ssh/ssh_host_rsa_key
    debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
    debug1: PEM_read_PrivateKey failed
    debug1: read PEM private key done: type
    Could not load host key: /etc/ssh/ssh_host_dsa_key
    debug1: rexec_argv[0]='/usr/sbin/sshd'
    debug1: rexec_argv[1]='-d'
    debug1: rexec_argv[2]='-d'
    debug1: rexec_argv[3]='-d'
    debug2: fd 3 setting O_NONBLOCK
    debug1: Bind to port 10244 on ::.
    Server listening on :: port 10244.
    debug2: fd 4 setting O_NONBLOCK
    debug1: Bind to port 10244 on 0.0.0.0.




    /etc/ssh -->


    ls -l /etc/ssh
    total 164
    -rw-r--r-- 1 root root 132777 2007-03-05 18:38 moduli
    -rw-r--r-- 1 root root 1423 2008-03-19 19:45 ssh_config
    -rw-r--r-- 1 root root 1947 2008-03-19 20:16 sshd_config
    -rw-r--r-- 1 root root 1881 2008-01-21 21:39 sshd_config.old
    -rw------- 1 root root 736 2008-03-19 20:20 ssh_host_dsa_key
    -rw-r--r-- 1 root root 600 2008-03-19 20:20 ssh_host_dsa_key.pub
    -rw------- 1 root root 951 2008-03-19 20:21 ssh_host_rsa_key
    -rw-r--r-- 1 root root 220 2008-03-19 20:21 ssh_host_rsa_key.pub



    and sshd_config file. (note ServerKeyBits 1024. I tried that when
    nothing worked, and so I tried to generate keys with -b 1024) -->


    # Package generated configuration file
    # See the sshd(8) manpage for details

    # What ports, IPs and protocols we listen for
    Port 10244
    # Use these options to restrict which interfaces/protocols sshd will bind to
    #ListenAddress ::
    #ListenAddress
    Protocol 2
    ClientAliveInterval 60
    ClientAliveCountMax 30

    # HostKeys for protocol version 2
    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_dsa_key
    #Privilege Separation is turned on for security
    UsePrivilegeSeparation yes

    # Lifetime and size of ephemeral version 1 server key
    KeyRegenerationInterval 3600
    #ServerKeyBits 768
    ServerKeyBits 1024

    # Logging
    SyslogFacility AUTH
    LogLevel INFO

    # Authentication:
    LoginGraceTime 120
    PermitRootLogin no
    StrictModes yes

    RSAAuthentication yes
    PubkeyAuthentication yes
    AuthorizedKeysFile %h/.ssh/authorized_keys

    # Don't read the user's ~/.rhosts and ~/.shosts files
    IgnoreRhosts yes
    # For this to work you will also need host keys in /etc/ssh_known_hosts
    RhostsRSAAuthentication no
    # similar for protocol version 2
    HostbasedAuthentication no
    # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
    #IgnoreUserKnownHosts yes

    # To enable empty passwords, change to yes (NOT RECOMMENDED)
    PermitEmptyPasswords no

    # Change to yes to enable challenge-response passwords (beware issues with
    # some PAM modules and threads)
    ChallengeResponseAuthentication no

    # Change to no to disable tunnelled clear text passwords
    PasswordAuthentication yes

    # Kerberos options
    #KerberosAuthentication no
    #KerberosGetAFSToken no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes

    # GSSAPI options
    #GSSAPIAuthentication no
    #GSSAPICleanupCredentials yes

    X11Forwarding no
    X11DisplayOffset 10
    PrintMotd no
    PrintLastLog yes
    TCPKeepAlive yes
    #UseLogin no

    #MaxStartups 10:30:60
    #Banner /etc/issue.net

    # Allow client to pass locale environment variables
    AcceptEnv LANG LC_*

    Subsystem sftp /usr/lib/openssh/sftp-server

    UsePAM no

  2. Re: Could not load host key: ..., but keys exist.

    wrote:
    > I re-generated them in this way:
    > ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
    > ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
    > when prompted for password, I typed a custom password.


    How do you expect sshd to load the keys without knowing that
    passphrase?

    The host keys should be generated _without_ a passphrase, because
    otherwise sshd can't load them.

    (In principle you could instead tell sshd the passphrase, but in
    practice (a) no sshd I've heard of supports this mode of use, and
    (b) it wouldn't be a security improvement anyway since the
    passphrase would have to be stored on disk.)
    --
    Simon Tatham "You may call that a cheap shot.
    I prefer to think of it as good value."
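
Added example (not part of the thread, and not OpenSSH code): a small audit that reads the HostKey lines of an sshd_config and reports whether each private key file is passphrase-protected, which is the condition behind "Could not load host key". It goes beyond the legacy PEM keys of the OpenSSH 4.3 in this thread and also recognises PKCS#8 and the newer openssh-key-v1 container; the function names are hypothetical and it assumes plain whitespace-separated HostKey lines.

```python
import base64
import struct
from pathlib import Path

OPENSSH_MAGIC = b"openssh-key-v1\0"

def host_key_paths(config_text):
    """Files named by HostKey directives (the keyword is case-insensitive)."""
    rows = (line.split() for line in config_text.splitlines())
    return [r[1] for r in rows if len(r) >= 2 and r[0].lower() == "hostkey"]

def passphrase_state(key_text):
    """Return 'encrypted', 'unencrypted' or 'unknown' for a private key file."""
    lines = key_text.strip().splitlines()
    if not lines or not lines[0].endswith("PRIVATE KEY-----"):
        return "unknown"
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # PKCS#8
        return "encrypted"
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        try:
            blob = base64.b64decode("".join(lines[1:-1]))
        except ValueError:
            return "unknown"
        off = len(OPENSSH_MAGIC)
        if not blob.startswith(OPENSSH_MAGIC) or len(blob) < off + 4:
            return "unknown"
        (n,) = struct.unpack(">I", blob[off:off + 4])
        # First field after the magic is the cipher name; "none" = no passphrase.
        return "unencrypted" if blob[off + 4:off + 4 + n] == b"none" else "encrypted"
    # Legacy PEM, as written by OpenSSH 4.3: encryption is announced in a header.
    if any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines[1:3]):
        return "encrypted"
    return "unencrypted"

def audit(config_text, read=lambda p: Path(p).read_text()):
    """Map each configured host key path to its passphrase state."""
    return {p: passphrase_state(read(p)) for p in host_key_paths(config_text)}

# Constructed samples: real header layout, placeholder bodies (not usable keys).
SAMPLE_CONFIG = "Port 10244\nHostKey /etc/ssh/ssh_host_rsa_key\n#HostKey /tmp/x\n"
SAMPLE_KEYS = {"/etc/ssh/ssh_host_rsa_key": (
    "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
    "DEK-Info: DES-EDE3-CBC,0000000000000000\n\nAAAA\n-----END RSA PRIVATE KEY-----\n")}

if __name__ == "__main__":
    for path, state in audit(SAMPLE_CONFIG, SAMPLE_KEYS.get).items():
        print(f"{path}: {state}")  # a sshd host key must be 'unencrypted' to load
```

A key reported as encrypted can be regenerated with an empty passphrase, for example `ssh-keygen -t rsa -N '' -f /etc/ssh/ssh_host_rsa_key`, which is the fix the thread arrives at.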

  3. Re: Could not load host key: ..., but keys exist.

    On 19 Mar, 17:17, Simon Tatham wrote:
    > wrote:
    > > I re-generated them in this way:
    > > ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
    > > ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
    > > when prompted for password, I typed a custom password.

    >
    > How do you expect sshd to load the keys without knowing that
    > passphrase?
    >
    > The host keys should be generated _without_ a passphrase, because
    > otherwise sshd can't load them.
    >
    > (In principle you could instead tell sshd the passphrase, but in
    > practice (a) no sshd I've heard of supports this mode of use, and
    > (b) it wouldn't be a security improvement anyway since the
    > passphrase would have to be stored on disk.)


    Well, in theory, you could have an SSH agent for them. But I've never
    heard of this approach for host keys!

  4. Re: Could not load host key: ..., but keys exist.

    On 19 March, 19:17, Simon Tatham wrote:
    > wrote:
    > > I re-generated them in this way:
    > > ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
    > > ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
    > > when prompted for password, I typed a custom password.

    >
    > The host keys should be generated _without_ a passphrase, because
    > otherwise sshd can't load them.


    Thank you.
    Regenerated keys without password, now it works!
    Solved.
