When you start the SSH service, you are prompted could not load host key:/etc/ssh/ssh_host_rsa_key

When you enable the SSH service, you will sometimes see the following prompt:

[email protected]:~#/etc/init.d/ssh Start
* Starting OpenBSD Secure Shell server sshd
Could not load host key:/etc/ssh/ssh_host_rsa_key
Could not load host key:/etc/ssh/ssh_host_dsa_key

There are two tips for Could not load host key:/etc/ssh/ssh_host_rsa_key and Could not load host key:/etc/ssh/ssh_host_dsa_key, if you are connecting from a client is not successful when you go to the server. This is due to the need to have RSA or DSA key authentication in the SSH connection protocol. Therefore, we can use the Ssh-keygen program on the server side to generate a pair of public/private key pairs

Run the following command:

[Email protected]:/etc/ssh# ssh-keygen-t rsa-b 2048-f/etc/ssh/ssh_host_rsa_key
Generating public/private RSA key pair.
Enter passphrase (empty for no passphrase): #直接回车即可
Enter same Passphrase again:
Your identification has been saved In/etc/ssh/ssh_host_rsa_key.
Your public key has been saved in/etc/ssh/ssh_host_rsa_key.pub.
The key fingerprint is:
3b:a4:b8:df:a9:15:d1:62:df:d5:d1:41:50:59:4a:96 [email protected]
The key ' s Randomart image is:
+--[RSA 2048]----+
| .***|
|   . oe+o|
|   + . O. |
| . + .   . |
| S.    . |
| . o O |
| . . +        |
| . o O |
| .. o.o |
+-----------------+

In the Ssh-keygen command above, the-t option indicates the type of encryption used to generate the key, the RSA is selected, and the-B option represents the bit, followed by an integer that represents the number of encrypted bits, the higher the value, the higher the encryption strength; the-f option followed by the key file name to be generated. According to the Sshd_config configuration file under the/etc/ssh directory, the RSA key default identification file name is Ssh_host_rsa_key.

After the command executes successfully, you will see two files generated under/etc/ssh: Ssh_host_rsa_key and Ssh_host_rsa_key.pub, which is the private key and the second is the public key. In this way, when the connection with Putty, the first will be prompted to the server side of the encryption fingerprint has been modified, if the trust point Yes to continue, otherwise disconnected, here is of course choose to trust Yes. Thereafter, the client encrypts the data with the public key and sends it to the server, and the server decrypts it with the private key after it receives the data.

When you start the SSH service, you are prompted could not load host key:/etc/ssh/ssh_host_rsa_key