Problems running sshd on gentoo

locazor · 01-03-2004, 08:59 AM

I ran

Code:

emerge sshd

to install the daemon. It compiled just fine and it is now installed. My problem is that when I try to run it, it doesn't accept my host keys running chmod 644. Whatever I try to set it to, it says it is unprotected and then ignores it, or it does not find the file at all when I set the chmod to for instance 400 or 700. What on earth am I supposed to do? I have generated the host keys with the following commands

Code:

    ssh-keygen -b 1024 -t rsa1 -f /etc/ssh/ssh_host_key -N ""
    ssh-keygen -b 1024 -t rsa -f /etc/ssh/ssh_host_rsa_key -N ""
    ssh-keygen -b 1024 -t dsa -f /etc/ssh/ssh_host_dsa_key -N ""

unSpawn · 01-03-2004, 11:13 AM

Sshd's own host keys /etc/ssh/ssh_host_* are chmod 0600, their public counterparts (/etc/ssh/ssh_host_*.pub) are 0644. Please post the actual and full errors.

locazor · 01-03-2004, 02:24 PM

Quote:

root@mendocino locazor # sshd -h /etc/ssh/ssh_host_rsa_key.pub
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/etc/ssh/ssh_host_rsa_key.pub' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /etc/ssh/ssh_host_rsa_key.pub
Could not load host key: /etc/ssh/ssh_host_rsa_key.pub
Disabling protocol version 1. Could not load host key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.
root@mendocino locazor #

unSpawn · 01-03-2004, 04:55 PM

root@mendocino locazor # sshd -h /etc/ssh/ssh_host_rsa_key.pub
Try running "/etc/init.d/sshd start".
If it fails try "/etc/init.d/sshd status" and post the errors.

BTW, if you *must* a host key, then use /etc/ssh/ssh_host_dsa_key, not the dot pub one.

locazor · 01-03-2004, 06:05 PM

Quote:

root@mendocino locazor # /etc/init.d/sshd start
* Starting sshd...
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/etc/ssh/ssh_host_key' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /etc/ssh/ssh_host_key
Could not load host key: /etc/ssh/ssh_host_key
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_rsa_key
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/etc/ssh/ssh_host_dsa_key' are too open.
It is recommended that your private key files are NOT accessible by others.
This private key will be ignored.
bad permissions: ignore key: /etc/ssh/ssh_host_dsa_key
Could not load host key: /etc/ssh/ssh_host_dsa_key
Disabling protocol version 1. Could not load host key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting. [ !! ]

root@mendocino locazor # /etc/init.d/sshd status
* status: stopped
root@mendocino locazor #

unSpawn · 01-03-2004, 06:27 PM

http://www.linuxquestions.org/questi...49#post681149: Sshd's own host keys /etc/ssh/ssh_host_* are chmod 0600, their public counterparts (/etc/ssh/ssh_host_*.pub) are 0644.

If chmodding doesnt work, please post the init script in BB "code" tags (to preserve the format) and the output of "ls -al /etc/ssh". Bit awkward, this.

locazor · 01-03-2004, 06:37 PM

chmod didn't help either, but I deleted all my host keys and ran the /etc/init.d/sshd start script, then it generated the keys for itself and it worked. Thanks for your help

unSpawn · 01-03-2004, 06:45 PM

williamconley · 05-20-2007, 11:26 PM

Quote:

Originally Posted by locazor

chmod didn't help either, but I deleted all my host keys and ran the /etc/init.d/sshd start script, then it generated the keys for itself and it worked. Thanks for your help

thanks for posting that. it resolved an issue I have had (fighting intermittently) for three days.

I guess using the script to start it allows for a little more interaction that just firin it up.