Bug #6143
closed
sshd can't load host key log spam
Added by NOYB NOYB over 8 years ago.
Updated over 8 years ago.
Category:
Operating System
Description
https://forum.pfsense.org/index.php?topic=109815.0
Apr 13 10:59:46 sshd 76036 error: Could not load host key: /etc/ssh/ssh_host_dsa_key
Apr 13 10:59:48 sshd 76036 Accepted publickey for root from 192.168.2.21 port 63937 ssh2: RSA SHA256:+iLjwFi...
SSH works, it just spits out this error in the system log every time connected.
You probably had connected previously to 192.168.2.21 as root and have a DSA public key in your ~/.ssh/known_hosts (HKEY_CURRENT_USER\SoftWare\SimonTatham\PuTTY\SshHostKeys if you are using PuTTY).
DSA keys are no longer an option, and hopefully, neither will ECDSA (https://github.com/pfsense/pfsense/pull/2783) in the next version.
The solution is to remove the DSA public key from your keystore (usually in ~/.ssh/known_hosts).
As a recommendation, you should consider disabling DSA keys on your ssh client as well.
- Subject changed from sshd can't load host key error to sshd can't load host key log spam
- Category set to Operating System
- Status changed from New to Confirmed
- Priority changed from Normal to Low
sshd tries to load those files even if they're not there unless HostKey is configured in sshd_config. It's just log spam, can be fixed by specifying HostKey in sshd_config for each host key.
- Assignee set to Renato Botelho
Let's look at bringing in the PR, as well.
Yup. Looks like that fixes it.
Apply the code and no more error in the log.
Remove the code and error returns to the log.
Thanks
- Status changed from Confirmed to Feedback
- Assignee changed from Renato Botelho to Chris Buechler
That works, leaving to verify in snapshot.
- Status changed from Feedback to Resolved
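Added example (not part of the ticket or of pfSense's code): a shell check for the condition described in the HostKey comment above, listing the host key files sshd would try to load that are not on disk. The function names, the `ROOT` prefix argument and the default path list are assumptions made for illustration; the sample config and key files are constructed.

```shell
#!/bin/sh
# DEFAULT_KEYS is an assumption: the built-in HostKey paths of OpenSSH releases
# from the ticket's era (the log above shows the DSA one being tried).
# Adjust the list to match your sshd version.
DEFAULT_KEYS="/etc/ssh/ssh_host_rsa_key /etc/ssh/ssh_host_dsa_key
/etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key"

# effective_host_keys CONFIG [DEFAULTS]
# Prints one path per line: the HostKey values set in CONFIG, or DEFAULTS when
# CONFIG sets none. Commented-out lines are ignored; Include is not followed.
effective_host_keys() {
    cfg=$1
    defaults=${2:-$DEFAULT_KEYS}
    # The keyword is case-insensitive; strip optional double quotes from the path.
    configured=$(awk 'tolower($1) == "hostkey" { gsub(/"/, "", $2); print $2 }' "$cfg")
    if [ -n "$configured" ]; then
        printf '%s\n' "$configured"
    else
        # Unquoted on purpose: split the default list into one path per line.
        printf '%s\n' $defaults
    fi
}

# missing_host_keys CONFIG [DEFAULTS] [ROOT]
# Prints each effective host key path that is not a readable file under ROOT.
# Every path printed corresponds to one "Could not load host key" log line.
missing_host_keys() {
    root=${3:-}
    effective_host_keys "$1" "${2:-}" | while IFS= read -r key; do
        [ -r "$root$key" ] || printf '%s\n' "$key"
    done
}

# Constructed sample: a config with no active HostKey line and only an RSA key
# file present, so the three other default paths are reported as missing.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/etc/ssh"
    : > "$tmp/etc/ssh/ssh_host_rsa_key"
    printf 'Port 22\n#HostKey /etc/ssh/ssh_host_rsa_key\n' > "$tmp/sshd_config"
    missing_host_keys "$tmp/sshd_config" "" "$tmp"
    rm -rf "$tmp"
}
demo
```

Once `sshd_config` names a `HostKey` for each key file that exists, the function prints nothing, which matches the fix confirmed in the ticket.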