SUMMARY: OpenSSH - Could not load host key: /etc/sshd/ssh_host_rsa_key

From: LOEWENTHAL Simon <sloewenthal_at_gemini.edu> Date: Thu May 12 2005 - 16:50:16 EDT · This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:46 EST

SUMMARY:

The problem was two fold:

1) The sshd_config should have been modifed to look for the keys under 
/etc/ssh instead of /etc/sshd, instead of using the -h option.  Since my 
sshd_config is on an NFS mount then this was easier than rolling the 
change out to all the clients.

2) Pam was spitting out an error message, which stopped non-root 
accounts from logging in.  When the UsePAM option in the sshd_config was 
toggled to no the users could log onto the system.

Many thanks to all those of you who replied:   Eric Lewandowski, Andrew 
Hall, Chrisopher L Bernard, Crist Clark, Mauricio Tavares, and Micheal 
Chanslor.

Regards, Simon.
-- ISG/Gemini/AURA

LOEWENTHAL Simon wrote:

>Dear all,
>
>Today I installed OpenSSH on a Solaris 8 machine.  I created the keys 
>under /etc/ssh, which are:
>   2 -rw-------   1 root     other        668 Apr 29 15:28 ssh_host_dsa_key
>   2 -rw-r--r--   1 root     other        603 Apr 29 15:28 
>ssh_host_dsa_key.pub
>   2 -rw-------   1 root     other        883 Apr 29 15:27 ssh_host_rsa_key
>   2 -rw-r--r--   1 root     other        223 Apr 29 15:27 
>ssh_host_rsa_key.pub
>
>The /etc/init.d/openssh essentially runs:
>
>[ -x /opt/csw/sbin/sshd ] && /opt/csw/sbin/sshd -h 
>/etc/ssh/ssh_host_dsa_key -h /etc/ssh/ssh_host_rsa_key
>
>However, when this runs I get the message:
>Could not load host key: /etc/sshd/ssh_host_rsa_key
>Could not load host key: /etc/sshd/ssh_host_dsa_key
>
>In the /etc/init.d/openssh there is a varible defined, KEYDIR=/etc/ssh, 
>but this is only used by /ssh-keygen/, and it does not
>say /etc/ssh*d.
>
>*If I link /etc/ssh to /etc/sshd  the error message disapears, but no 
>users except root can log on via SSH.
>If I move /etc/ssh /etc/sshd, then keygen runs again as if it cannot see 
>the keys, and then sshd says that it cannot load the keys from /etc/ssh!
>
>Has anyone seen this afore?
>
>
>Regards, S.

[demime 1.01b removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s]
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers