Bug #6143

sshd can't load host key log spam

Added by NOYB NOYB almost 3 years ago. Updated almost 3 years ago.

Status: Resolved
Priority: Low
Category: Operating System
Target version:
Start date: 04/13/2016
Due date:
% Done: 0%
Estimated time:
Affected Version: 2.3
Affected Architecture:

Description

https://forum.pfsense.org/index.php?topic=109815.0

Apr 13 10:59:46 sshd 76036 error: Could not load host key: /etc/ssh/ssh_host_dsa_key
Apr 13 10:59:48 sshd 76036 Accepted publickey for root from 192.168.2.21 port 63937 ssh2: RSA SHA256:+iLjwFi...

SSH works, it just spits out this error in the system log every time connected.

History

#1 Updated by Jose Luis Duran almost 3 years ago

You probably had connected previously to 192.168.2.21 as root and have a DSA public key in your ~/.ssh/known_hosts (HKEY_CURRENT_USER\SoftWare\SimonTatham\PuTTY\SshHostKeys if you are using PuTTY).

DSA keys are no longer an option, and hopefully, neither will ECDSA (https://github.com/pfsense/pfsense/pull/2783) in the next version.

The solution is to remove the DSA public key from your keystore (usually in ~/.ssh/known_hosts).

As a recommendation, you should consider disabling DSA keys on your ssh client as well.

#2 Updated by Chris Buechler almost 3 years ago

  • Subject changed from sshd can't load host key error to sshd can't load host key log spam
  • Category set to Operating System
  • Status changed from New to Confirmed
  • Priority changed from Normal to Low

sshd tries to load those files even if they're not there unless HostKey is configured in sshd_config. It's just log spam; it can be fixed by specifying HostKey in sshd_config for each host key.
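
The behaviour described in comment #2, as an added example that is not part of the ticket or of the pfSense change: the script lists the host key files sshd would try to load for a given sshd_config, reports the ones that are absent, and generates HostKey lines for only the keys that exist. The default key list, the function names and the placeholder files are assumptions; match the list to your OpenSSH build.

```shell
#!/bin/sh
# Default key basenames sshd falls back to when sshd_config has no HostKey line.
# Assumption: this list matches the OpenSSH build in use; adjust it if not.
DEFAULT_KEYS="ssh_host_rsa_key ssh_host_dsa_key ssh_host_ecdsa_key ssh_host_ed25519_key"

# Print the key paths sshd will try to load. $1 = sshd_config, $2 = key directory.
hostkeys_to_load() {
    conf=$1; keydir=$2
    # Keywords are case-insensitive; commented lines ("#HostKey ...") do not match.
    configured=$(awk 'tolower($1) == "hostkey" && NF >= 2 { print $2 }' "$conf")
    if [ -n "$configured" ]; then
        printf '%s\n' "$configured"          # explicit HostKey lines replace the defaults
    else
        for k in $DEFAULT_KEYS; do printf '%s/%s\n' "$keydir" "$k"; done
    fi
}

# Print the paths that would log "Could not load host key" because the file is absent.
missing_hostkeys() {
    hostkeys_to_load "$1" "$2" | while IFS= read -r path; do
        [ -f "$path" ] || printf '%s\n' "$path"
    done
}

# Emit one HostKey line per key file that actually exists in directory $1.
hostkey_directives() {
    for k in $DEFAULT_KEYS; do
        [ -f "$1/$k" ] && printf 'HostKey %s\n' "$1/$k"
    done
    return 0
}

# Demo on constructed input: a key directory without a DSA key, as in the log above.
demo() {
    d=$(mktemp -d)
    for t in rsa ecdsa ed25519; do : > "$d/ssh_host_${t}_key"; done  # empty placeholders, not real keys
    printf '# no HostKey lines\nPort 22\n' > "$d/sshd_config.before"
    { printf 'Port 22\n'; hostkey_directives "$d"; } > "$d/sshd_config.after"
    echo "without HostKey lines, sshd cannot load:"
    missing_hostkeys "$d/sshd_config.before" "$d"
    echo "with generated HostKey lines, sshd cannot load:"
    missing_hostkeys "$d/sshd_config.after" "$d"
    rm -rf "$d"
}
demo
```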

#3 Updated by Jim Thompson almost 3 years ago

  • Assignee set to Renato Botelho

Let's look at bringing in the PR, as well.

#4 Updated by Jose Luis Duran almost 3 years ago

I've opened https://github.com/pfsense/pfsense/pull/2874.

I have not been able to replicate this. From the comment, this should fix it?

#5 Updated by NOYB NOYB almost 3 years ago

Yup. Looks like that fixes it.
Apply the code and no more error in the log.
Remove the code and error returns to the log.
Thanks

#6 Updated by Chris Buechler almost 3 years ago

  • Status changed from Confirmed to Feedback
  • Assignee changed from Renato Botelho to Chris Buechler

that works, leaving to verify in snapshot

#7 Updated by Chris Buechler almost 3 years ago

  • Status changed from Feedback to Resolved

works
