When sshd is started, the error "Could not load host key" is reported
Originally published in cu:
Symptom: When starting the sshd service, the service appears to start successfully, but the client cannot connect to the sshd server, as shown below:
[root@aefe8007a17d ~]# /usr/sbin/sshd
Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Could not load host key: /etc/ssh/ssh_host_ed25519_key
Cause:
1. According to the messages, the sshd daemon cannot load the host key files because they cannot be found (the key file names and paths are defined in the configuration file /etc/ssh/sshd_config);
2. Generally, after the OpenSSH service is properly installed, the host automatically generates the corresponding host key files. However, this step was not completed for unknown reasons, resulting in remote ssh connection failure.
PS: Check whether the key files exist (another symptom is that a key file exists but its size is 0):
[root@aefe8007a17d ~]# ll /etc/ssh/
total 252
-rw-r--r-- 1 root root 242153 Mar 21 22:18 moduli
-rw-r--r-- 1 root root 2208 Mar 21 22:18 ssh_config
-rw------- 1 root root 4361 Mar 21 22:18 sshd_config
Solution: regenerate the host key file:
1. Generate rsa_key (-t specifies the type of key to generate; -f is followed by the name of the key file to be generated);
[root@aefe8007a17d ~]# ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /etc/ssh/ssh_host_rsa_key.
Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub.
The key fingerprint is:
5e:2d:19:51:b1:e3:e0:60:65:53:e4:14:f8:d8:38:af root@aefe8007a17d
The key's randomart image is:
+--[ RSA 2048]----+
| ==Bo |
| o.= . |
| o o=+ |
| . o+*o. |
| S =oo |
| . . .. |
| . . |
| E |
| |
+-----------------+
2. Generate ecdsa_key;
[root@aefe8007a17d ~]# ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key
3. Generate ed25519_key.
[root@aefe8007a17d ~]# ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key
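The three steps above can be scripted. The following is an added example, not part of the original article: it audits the host keys for the missing and zero-size cases described earlier and regenerates only the ones that need it. The function names are hypothetical, and it assumes the default key paths shown in the listings.

```shell
#!/bin/sh
# Added example, not from the original article.
# Assumption: default key paths <keydir>/ssh_host_<type>_key, as in the listings above.
KEY_TYPES="rsa ecdsa ed25519"

# Print the state of one private host key: missing | empty | loose-perms | ok
key_status() {
    f=$1
    if [ ! -e "$f" ]; then echo missing; return; fi
    if [ ! -s "$f" ]; then echo empty; return; fi      # the zero-size case
    # Characters 5-10 of the ls mode string are the group/other bits;
    # a private key should show "------" there (-rw------- in the listing).
    perms=$(ls -ld "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then echo loose-perms; return; fi
    echo ok
}

# Report every key type; return non-zero if any key is not ok.
audit_host_keys() {
    keydir=${1:-/etc/ssh}
    rc=0
    for t in $KEY_TYPES; do
        s=$(key_status "$keydir/ssh_host_${t}_key")
        echo "$t: $s"
        [ "$s" = ok ] || rc=1
    done
    return $rc
}

# Regenerate missing or empty keys and tighten permissions on the others.
repair_host_keys() {
    keydir=${1:-/etc/ssh}
    for t in $KEY_TYPES; do
        f="$keydir/ssh_host_${t}_key"
        case $(key_status "$f") in
            missing|empty)
                # Remove leftovers so ssh-keygen does not stop at an overwrite prompt.
                rm -f "$f" "$f.pub"
                # -N '' sets an empty passphrase: sshd loads host keys unattended.
                ssh-keygen -q -t "$t" -N '' -f "$f" ;;
            loose-perms)
                chmod 600 "$f" ;;
        esac
    done
}
```

Run repair_host_keys as root, then audit_host_keys to confirm every type reports ok. /usr/sbin/sshd -t checks the configuration and host keys without starting the daemon.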
Verification:
1. Check again whether the key files exist and are compliant. You can see that the corresponding host key files have been generated (the host key file is the private key and the .pub file is the public key):
[root@aefe8007a17d ~]# ll /etc/ssh/
total 276
-rw-r--r-- 1 root root 242153 Mar 21 22:18 moduli
-rw-r--r-- 1 root root 2208 Mar 21 22:18 ssh_config
-rw------- 1 root root 227 May 22 16:48 ssh_host_ecdsa_key
-rw-r--r-- 1 root root 179 May 22 16:48 ssh_host_ecdsa_key.pub
-rw------- 1 root root 411 May 22 16:48 ssh_host_ed25519_key
-rw-r--r-- 1 root root 99 May 22 16:48 ssh_host_ed25519_key.pub
-rw------- 1 root root 1679 May 22 16:48 ssh_host_rsa_key
-rw-r--r-- 1 root root 399 May 22 16:48 ssh_host_rsa_key.pub
-rw------- 1 root root 4361 Mar 21 22:18 sshd_config
2. Now the client can connect to the sshd server through ssh:
[root@localhost ~]# ssh 172.17.0.2
The authenticity of host '172.17.0.2 (172.17.0.2)' can't be established.
ECDSA key fingerprint is 37:2a:69:46:c4:bd:92:b2:43:b4:cc:42:41:8e:12:2e.
Are you sure you want to continue connecting (yes/no)?