Bug #6143: sshd can't load host key log spam - pfSense - pfSense bugtracker

Actions

Copy link

Bug #6143

closed

sshd can't load host key log spam

Added by NOYB NOYB almost 10 years ago. Updated almost 10 years ago.

Status:

Resolved

Priority:

Low

Assignee:

Chris Buechler

Category:

Operating System

Target version:

2.3.1

Start date:

04/13/2016

Due date:

% Done:

Estimated time:

Plus Target Version:

Release Notes:

Affected Version:

2.3

Affected Architecture:

Description

https://forum.pfsense.org/index.php?topic=109815.0

Apr 13 10:59:46 sshd 76036 error: Could not load host key: /etc/ssh/ssh_host_dsa_key Apr 13 10:59:48 sshd 76036 Accepted publickey for root from 192.168.2.21 port 63937 ssh2: RSA SHA256:+iLjwFi...

SSH works, it just spits out this error in the system log every time connected.

Actions

Copy link

Updated by Jose Luis Duran almost 10 years ago

You probably had connected previously to 192.168.2.21 as root and have a DSA public key in your ~/.ssh/known_hosts (HKEY_CURRENT_USER\SoftWare\SimonTatham\PuTTY\SshHostKeys if you are using PuTTY).

DSA keys are no longer an option, and hopefully, neither will ECDSA (https://github.com/pfsense/pfsense/pull/2783) in the next version.

The solution is to remove the DSA public key from your keystore (usually in ~/.ssh/known_hosts).

As a recommendation, you should consider disabling DSA keys on your ssh client as well.

Actions

Copy link

Updated by Chris Buechler almost 10 years ago

Subject changed from sshd can't load host key error to sshd can't load host key log spam
Category set to Operating System
Status changed from New to Confirmed
Priority changed from Normal to Low

sshd tries to load those files even if they're not there unless HostKey is configured in sshd_config. It's just log spam, can be fixed by specifying HostKey in sshd_config for each host key.

Actions

Copy link