LinuxQuestions.org


locazor 01-03-2004 08:59 AM

Problems running sshd on gentoo
 
I ran

Code:

    emerge sshd

to install the daemon. It compiled just fine and it is now installed. My problem is that when I try to run it, it doesn't accept my host keys running chmod 644. Whatever I try to set it to, it says it is unprotected and then ignores it, or it does not find the file at all when I set the chmod to for instance 400 or 700. What on earth am I supposed to do? I have generated the host keys with the following commands

Code:

    ssh-keygen -b 1024 -t rsa1 -f /etc/ssh/ssh_host_key -N ""
    ssh-keygen -b 1024 -t rsa -f /etc/ssh/ssh_host_rsa_key -N ""
    ssh-keygen -b 1024 -t dsa -f /etc/ssh/ssh_host_dsa_key -N ""


unSpawn 01-03-2004 11:13 AM

Sshd's own host keys /etc/ssh/ssh_host_* are chmod 0600, their public counterparts (/etc/ssh/ssh_host_*.pub) are 0644. Please post the actual and full errors.

locazor 01-03-2004 02:24 PM

Quote:

root@mendocino locazor # sshd -h /etc/ssh/ssh_host_rsa_key.pub
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/etc/ssh/ssh_host_rsa_key.pub' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /etc/ssh/ssh_host_rsa_key.pub
Could not load host key: /etc/ssh/ssh_host_rsa_key.pub
Disabling protocol version 1. Could not load host key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.
root@mendocino locazor #

unSpawn 01-03-2004 04:55 PM

root@mendocino locazor # sshd -h /etc/ssh/ssh_host_rsa_key.pub
Try running "/etc/init.d/sshd start".
If it fails try "/etc/init.d/sshd status" and post the errors.

BTW, if you *must* specify a host key, then use /etc/ssh/ssh_host_dsa_key, not the dot pub one.

locazor 01-03-2004 06:05 PM

Quote:

root@mendocino locazor # /etc/init.d/sshd start
* Starting sshd...
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/etc/ssh/ssh_host_key' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /etc/ssh/ssh_host_key
Could not load host key: /etc/ssh/ssh_host_key
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_rsa_key
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/etc/ssh/ssh_host_dsa_key' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /etc/ssh/ssh_host_dsa_key
Could not load host key: /etc/ssh/ssh_host_dsa_key
Disabling protocol version 1. Could not load host key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting. [ !! ]

root@mendocino locazor # /etc/init.d/sshd status
* status: stopped
root@mendocino locazor #

unSpawn 01-03-2004 06:27 PM

http://www.linuxquestions.org/questi...49#post681149: Sshd's own host keys /etc/ssh/ssh_host_* are chmod 0600, their public counterparts (/etc/ssh/ssh_host_*.pub) are 0644.

If chmodding doesn't work, please post the init script in BB "code" tags (to preserve the format) and the output of "ls -al /etc/ssh". Bit awkward, this.
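
The permission rule quoted in the post above (private host keys 0600, their .pub counterparts 0644) can be checked for a whole directory in one pass. The script below is an added example, not part of the original thread and not Gentoo's init script; the function names `mode_of`, `audit_host_keys` and `demo` are hypothetical, the sample files are constructed empty stand-ins for keys, and flagging any group/other bit on a private key is this example's assumption, based on the 0640 warning shown in the thread.

```shell
#!/bin/sh
# Added example: audit sshd host key file modes against the rule quoted in
# the thread (private keys 0600, *.pub 0644).

# Octal permission bits of a file (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -L -c '%a' "$1" 2>/dev/null || stat -L -f '%Lp' "$1"
}

# audit_host_keys DIR: prints one "OK"/"BAD" line per ssh_host_* file.
# Return status: 0 all fine, 1 at least one bad mode, 2 no host keys found.
audit_host_keys() {
    dir=$1 rc=0 found=0
    for f in "$dir"/ssh_host_*; do
        [ -f "$f" ] || continue
        found=1
        m=$(mode_of "$f")
        case $f in
            *.pub) mask=022 why="public key writable by group/other" ;;
            *)     mask=077 why="private key accessible by group/other" ;;
        esac
        # Leading 0 makes the shell read the mode as octal.
        if [ $(( 0$m & 0$mask )) -ne 0 ]; then
            echo "BAD $m $f ($why)"
            rc=1
        else
            echo "OK  $m $f"
        fi
    done
    [ "$found" -eq 1 ] || { echo "no host keys in $dir"; return 2; }
    return "$rc"
}

# Constructed sample: empty files standing in for keys, one private key
# carrying the 0640 mode from the thread's warning.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/ssh_host_rsa_key";     chmod 0640 "$d/ssh_host_rsa_key"
    : > "$d/ssh_host_rsa_key.pub"; chmod 0644 "$d/ssh_host_rsa_key.pub"
    : > "$d/ssh_host_dsa_key";     chmod 0600 "$d/ssh_host_dsa_key"
    status=0
    audit_host_keys "$d" || status=$?
    rm -rf "$d"
    echo "audit status: $status"
}

demo
```

On a real system the call would be `audit_host_keys /etc/ssh`, run as a user who can stat the key files.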

locazor 01-03-2004 06:37 PM

chmod didn't help either, but I deleted all my host keys and ran the /etc/init.d/sshd start script, then it generated the keys for itself and it worked. Thanks for your help :)

unSpawn 01-03-2004 06:45 PM

Np.

williamconley 05-20-2007 11:26 PM

Quote:

Originally Posted by locazor
chmod didn't help either, but I deleted all my host keys and ran the /etc/init.d/sshd start script, then it generated the keys for itself and it worked. Thanks for your help :)


Thanks for posting that. It resolved an issue I have had (fighting intermittently) for three days. :)

I guess using the script to start it allows for a little more interaction than just firin' it up.

