03-19-2009, 03:39 AM
|
#1
|
LQ Newbie
Registered: Feb 2009
Location: NZ
Distribution: Ubuntu
Posts: 9
Rep:
|
can't start sshd. Error is "Generating SSH1 RSA host key [FAILED]"
fedora 10:
I can't start sshd, any ideas guys?
$service sshd start
Generating SSH1 RSA Host key [FAILED]
No instance of sshd is running yet. Thanks.
|
|
|
03-19-2009, 05:13 AM
|
#2
|
Moderator
Registered: May 2001
Posts: 29,415
|
Do your system logs hold any information? If not, does checking /etc/init.d/sshd and running startup commands manually from the CLI show any info?
|
|
|
03-19-2009, 06:12 AM
|
#3
|
Senior Member
Registered: Apr 2008
Location: Gurgaon, India
Distribution: Cent OS 6/7
Posts: 4,638
Rep:
|
I guess the services are to be started as root on root as on RH. The $ says you are not.
|
|
|
03-19-2009, 05:29 PM
|
#4
|
Moderator
Registered: May 2001
Posts: 29,415
|
Quote:
Originally Posted by linuxlover.chaitanya
The $ says you are not.
|
Missed that. Good one!
|
|
|
03-20-2009, 01:34 AM
|
#5
|
LQ Newbie
Registered: Feb 2009
Location: NZ
Distribution: Ubuntu
Posts: 9
Original Poster
Rep:
|
Thanks. I tried as root but got the same result. Checking /var/log/messages showed the below:
SELinux is preventing ssh-keygen (ssh_keygen_t) "read" to libgssapi_krb5.so.2
Not really sure how to control SELinux from the CLI.
|
|
|
03-20-2009, 01:42 AM
|
#6
|
LQ Newbie
Registered: Feb 2009
Location: NZ
Distribution: Ubuntu
Posts: 9
Original Poster
Rep:
|
I gave this option a try and it worked
as root:
#setenforce Permissive
#/etc/init.d/sshd start
Generating SSH1 RSA host key: [OK]
Generating SSH2 RSA host key: [OK]
Generating SSH3 RSA host key: [OK]
#setenforce Enforcing -> switched SELinux back to enforcing
Pros and cons to this approach? Thanks.
|
|
|
03-20-2009, 01:57 AM
|
#7
|
Senior Member
Registered: Apr 2008
Location: Gurgaon, India
Distribution: Cent OS 6/7
Posts: 4,638
Rep:
|
SELinux is another thing that is used to enhance the security of the system. By default it will operate in enforced mode so that it is active and will not allow certain or all services.
You can either turn it off completely by editing the file /etc/selinux/config file.
|
|
|
03-20-2009, 02:11 AM
|
#8
|
LQ Guru
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733
|
Or you can copy the selinux audit (open up the alert on the desktop & highlight & copy the audit info at the bottom), save it to a file (e.g. cat >sshpol, then press CTRL-v to paste it & CTRL-D) and then run:
audit2allow -M sshpol
sudo semodule -i sshpol.pp
Here is a good blog about it:
http://danwalsh.livejournal.com/24750.html
Did anyone else note the ironic humor in suggesting disabling selinux protection to run the secure shell server?
|
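The audit2allow step from post #8, as an added example that is not part of any post in this thread: it narrows the input to the ssh-keygen denials and prints what would be allowed before anything is loaded. The function names, the default audit log path and the sample records are assumptions made for illustration; the records are constructed, not taken from the poster's system.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Sample records below are constructed;
# the field layout follows the usual "avc: denied" audit record format.
sample_log() {
cat <<'EOF'
type=AVC msg=audit(1237527240.101:41): avc:  denied  { read } for  pid=2301 comm="ssh-keygen" name="libgssapi_krb5.so.2" dev=dm-0 ino=1234 scontext=system_u:system_r:ssh_keygen_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
type=AVC msg=audit(1237527240.102:42): avc:  denied  { read } for  pid=2301 comm="ssh-keygen" name="libgssapi_krb5.so.2" dev=dm-0 ino=1234 scontext=system_u:system_r:ssh_keygen_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
type=AVC msg=audit(1237527300.500:57): avc:  denied  { write } for  pid=2410 comm="httpd" name="upload" dev=dm-0 ino=5678 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
EOF
}

# Keep only AVC denials logged for one command name (comm= field), so that
# unrelated denials in the log never end up in the generated module.
denials_for() {            # usage: denials_for <comm> < audit.log
    grep 'avc:.*denied' | grep -F "comm=\"$1\""
}

# Collapse denials to unique "source_type {perms} target_type:class name"
# rows: the facts an allow rule would be generated from.
summarise() {
    sed -n 's/.*denied  *{ \([^}]*\) }.* name="\([^"]*\)".*scontext=[^:]*:[^:]*:\([^:]*\):.*tcontext=[^:]*:[^:]*:\([^:]*\):.*tclass=\([a-z_]*\).*/\3 {\1} \4:\5 \2/p' | sort -u
}

# Review-first form of the audit2allow step. Assumes audit2allow is installed
# and that the log path (an assumption) is readable by the caller.
build_module() {           # usage: build_module <comm> <module> [audit_log]
    local log="${3:-/var/log/audit/audit.log}"
    denials_for "$1" < "$log" > "$2.avc" || { echo "no denials for $1" >&2; return 1; }
    summarise < "$2.avc"
    audit2allow -M "$2" < "$2.avc" && cat "$2.te"   # writes $2.te and $2.pp
    echo "Inspect $2.te; if the rules are acceptable: semodule -i $2.pp"
}

# Demo on the constructed records only; nothing is loaded into the policy.
sample_log | denials_for ssh-keygen | summarise
```

On a real host the call would be `build_module ssh-keygen sshpol`, run as root, with `semodule -i sshpol.pp` typed by hand only after reading `sshpol.te`.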
|
|
03-20-2009, 04:15 AM
|
#9
|
Moderator
Registered: May 2001
Posts: 29,415
|
Quote:
Originally Posted by linuxlover.chaitanya
You can either turn it off completely by editing the file /etc/selinux/config file.
|
Not only is the sentence wonky, the advice is bad. First work on fixing things before you decide to "just drop" a layer of security. If you don't know how either read up on it (search LQ) or please refrain from telling people to "just disable" it.
|
|
|
03-20-2009, 04:42 AM
|
#10
|
Senior Member
Registered: Apr 2008
Location: Gurgaon, India
Distribution: Cent OS 6/7
Posts: 4,638
Rep:
|
No, I am not telling him to do that. Just something that can be done. That does not mean that it should be done. That sentence has really got misinterpreted badly. The advice was not to disable SELinux. It was information that it could be done if OP ever needs to do that, not only for this case but in future if he needs to for something else where the server or the system could not be too prone to attacks due to either firewalls or for the reason that it is not connected to the outer world.
Please do not misread it and if it reads like that then it does not mean what it looks like.
|
|
|
All times are GMT -5.