LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 03-19-2009, 02:39 AM   #1
ryannlinux
LQ Newbie
 
Registered: Feb 2009
Location: NZ
Distribution: Ubuntu
Posts: 9

Rep: Reputation: 0
can't start sshd. Error is "Generating SSH1 RSA host key [FAILED]


fedora 10:

I can't start sshd, any ideas guys?

$service sshd start
Generating SSH1 RSA Host key [FAILED]


no instance of sshd is running yet. Thanks.
 
Old 03-19-2009, 04:13 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,165
Blog Entries: 54

Rep: Reputation: 2796Reputation: 2796Reputation: 2796Reputation: 2796Reputation: 2796Reputation: 2796Reputation: 2796Reputation: 2796Reputation: 2796Reputation: 2796Reputation: 2796
Do your system logs hold any information? If not, does checking /etc/init.d/sshd and running startup commands manually from the CLI show any info?
 
Old 03-19-2009, 05:12 AM   #3
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,627

Rep: Reputation: Disabled
I guess the services are to be started as root on root as on RH. The $ says you are not.
 
Old 03-19-2009, 04:29 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,165
Blog Entries: 54

Rep: Reputation: 2796Reputation: 2796Reputation: 2796Reputation: 2796Reputation: 2796Reputation: 2796Reputation: 2796Reputation: 2796Reputation: 2796Reputation: 2796Reputation: 2796
Quote:
Originally Posted by linuxlover.chaitanya View Post
The $ says you are not.
Missed that. Good one!
 
Old 03-20-2009, 12:34 AM   #5
ryannlinux
LQ Newbie
 
Registered: Feb 2009
Location: NZ
Distribution: Ubuntu
Posts: 9

Original Poster
Rep: Reputation: 0
Thanks. I tried as root but got the same result. Checking /var/log/messages showed below:

SELinux is prventing ssh-keygen (ssh_keygen_t) "read" to libgssapi_krb5.so.2

Not really sure how to control SELinux from CLI
 
Old 03-20-2009, 12:42 AM   #6
ryannlinux
LQ Newbie
 
Registered: Feb 2009
Location: NZ
Distribution: Ubuntu
Posts: 9

Original Poster
Rep: Reputation: 0
I gave this option a try and it worked

as root:
#setenforce Permissive
#/etc/init.d/sshd start
Generating SSH1 RSA host key: [OK]
Generating SSH2 RSA host key: [OK]
Generating SSH3 RSA host key: [OK]
#setenforce Enforcing
-> switched SELinux back to enforcing

Pros and cons to this approach? Thanks.
 
Old 03-20-2009, 12:57 AM   #7
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,627

Rep: Reputation: Disabled
SELinux is a another thing that is used to enhance the security of system. By default it will operate in enforced mode so that it is active and will not allow certain or all services.
You can either turn it off completely by editing the file /etc/selinux/config file.
 
Old 03-20-2009, 01:11 AM   #8
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
Or you can copy the selinux audit (open up the alert on the desktop & highlight & copy the audit info at the bottom), save it to a file (e.g. cat >sshpol, then press CTRL-v to paste it & CTRL-D) and then run:

audit2allow -M sshpol
sudo semodule -i sshpol.pp

Here is a good blog about it:
http://danwalsh.livejournal.com/24750.html

Did any one else note the ironic humor in suggesting disabling selinux protection to run the secure shell server?
 
Old 03-20-2009, 03:15 AM   #9
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,165
Blog Entries: 54

Rep: Reputation: 2796Reputation: 2796Reputation: 2796Reputation: 2796Reputation: 2796Reputation: 2796Reputation: 2796Reputation: 2796Reputation: 2796Reputation: 2796Reputation: 2796
Quote:
Originally Posted by linuxlover.chaitanya View Post
You can either turn it off completely by editing the file /etc/selinux/config file.
Not only is the sentence wonky, the advice is bad. First work on fixing things before you decide to "just drop" a layer of security. If you don't know how either read up on it (search LQ) or please refrain from telling people to "just disable" it.
 
Old 03-20-2009, 03:42 AM   #10
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,627

Rep: Reputation: Disabled
No I am not telling him to do that. Just something that can be done. That does not mean that it should be done. That sentence has really got misinterpreted badly. The advice was not to disable the selinux. It was an information that it could be done if OP ever needs to do that not only for this case but in future if he need to for something else where server or the system could not be too prone to attacks due to either firewalls or for the reason that it is not connected to outer world.
Please do not misread it and if it reads like that then it does not mean what it looks like.
 
  


Reply

Tags
cant, fedora, sshd, start


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
A question about rsa host key fingerprints lawrence_lee_lee Linux - Software 8 07-17-2008 09:58 PM
failed ssh RSA key authentication jdarren Linux - Networking 15 07-06-2008 10:25 AM
booting RedHat - generating SSH1 RSA hosh key [FAILED] pru Linux - Newbie 1 02-04-2008 09:09 AM
RSA host key for 172.17.5.60 has changed ssharma_02 Red Hat 3 11-15-2006 09:55 AM
sshd - host key jamna17 *BSD 3 06-16-2004 08:20 AM


All times are GMT -5. The time now is 07:00 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration