Bug #6143
closed
sshd can't load host key log spam
Description
https://forum.pfsense.org/index.php?topic=109815.0
Apr 13 10:59:46 sshd 76036 error: Could not load host key: /etc/ssh/ssh_host_dsa_key
Apr 13 10:59:48 sshd 76036 Accepted publickey for root from 192.168.2.21 port 63937 ssh2: RSA SHA256:+iLjwFi...
SSH works, it just spits out this error in the system log every time connected.
Updated by Jose Luis Duran over 8 years ago
You probably had connected previously to 192.168.2.21 as root and have a DSA public key in your ~/.ssh/known_hosts (HKEY_CURRENT_USER\SoftWare\SimonTatham\PuTTY\SshHostKeys if you are using PuTTY).
DSA keys are no longer an option, and hopefully, neither will ECDSA (https://github.com/pfsense/pfsense/pull/2783) in the next version.
The solution is to remove the DSA public key from your keystore (usually in ~/.ssh/known_hosts).
As a recommendation, you should consider disabling DSA keys on your ssh client as well.
Updated by Chris Buechler over 8 years ago
- Subject changed from sshd can't load host key error to sshd can't load host key log spam
- Category set to Operating System
- Status changed from New to Confirmed
- Priority changed from Normal to Low
sshd tries to load those files even if they're not there unless HostKey is configured in sshd_config. It's just log spam, can be fixed by specifying HostKey in sshd_config for each host key.
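The behaviour described in the comment above, as an added example (not pfSense's code and not the contents of the pull request): a POSIX shell sketch that lists the default host key files that are absent and writes an explicit HostKey line for each key that exists. The function names are hypothetical, and the default key names (rsa, dsa, ecdsa, ed25519) are an assumption based on OpenSSH releases of that period.

```shell
#!/bin/sh
# Added example: list default host keys sshd would look for, and emit
# explicit HostKey lines for the ones that exist.
# Assumption: default key names for OpenSSH of this era.
KEY_TYPES="rsa dsa ecdsa ed25519"

# Print "HostKey <path>" for every default private key present in DIR ($1).
hostkey_directives() {
    for t in $KEY_TYPES; do
        f="$1/ssh_host_${t}_key"
        [ -f "$f" ] && printf 'HostKey %s\n' "$f"
    done
    return 0
}

# Print the default key files that are absent from DIR ($1) and would each
# produce a "Could not load host key" line. Prints nothing once CONFIG ($2)
# carries any HostKey directive, because the defaults are then unused.
missing_default_keys() {
    if [ -f "$2" ] && grep -Eiq '^[[:space:]]*HostKey[[:space:]=]' "$2"; then
        return 0
    fi
    for t in $KEY_TYPES; do
        f="$1/ssh_host_${t}_key"
        [ -f "$f" ] || printf '%s\n' "$f"
    done
    return 0
}

# Constructed demo: empty placeholder files stand in for real keys.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/ssh_host_rsa_key"
    : > "$d/ssh_host_ed25519_key"
    : > "$d/sshd_config"
    echo "before: missing defaults"; missing_default_keys "$d" "$d/sshd_config"
    hostkey_directives "$d" >> "$d/sshd_config"
    echo "after: sshd_config"; cat "$d/sshd_config"
    echo "after: missing defaults"; missing_default_keys "$d" "$d/sshd_config"
    rm -rf "$d"
}
demo
```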
Updated by Jim Thompson over 8 years ago
- Assignee set to Renato Botelho
Let's look at bringing in the PR, as well.
Updated by Jose Luis Duran over 8 years ago
I've opened https://github.com/pfsense/pfsense/pull/2874.
I have not been able to replicate this; from the comment, this should fix it?
Updated by NOYB NOYB over 8 years ago
Yup. Looks like that fixes it.
Apply the code and no more error in the log.
Remove the code and error returns to the log.
Thanks
Updated by Chris Buechler over 8 years ago
- Status changed from Confirmed to Feedback
- Assignee changed from Renato Botelho to Chris Buechler
That works, leaving to verify in snapshot.