SSH issues


Forum: Networking
started by: spanners

Posted by spanners on Feb. 24 2008,18:13
Hi All
I'm using the DSL default OpenBSD SSH server and am having no luck getting my keys to work. I run the ssh-keygen application to create /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key and /etc/ssh/ssh_host_rsa_key and they are created with 600 permissions. However when I start up sshd it then says it can't load the host keys, none are available and exits.
If I change the key permissions to 644 (or anything that gives group or user access) then sshd sees they are there but claims they are too open and it won't use them.
Please help!
John

Posted by roberts on Feb. 24 2008,19:27
I don't have any problems with password-less scp/ssh using DSL v4.2.5.
Mine are stored in /root/.ssh and were generated with
# ssh-keygen -t rsa


HTH

Posted by jpeters on Feb. 25 2008,02:40
Quote (spanners @ Feb. 24 2008,13:13)
Hi All
I'm using the DSL default OpenBSD SSH server and am having no luck getting my keys to work. I run the ssh-keygen application to create /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key and /etc/ssh/ssh_host_rsa_key and they are created with 600 permissions. However when I start up sshd it then says it can't load the host keys, none are available and exits.
If I change the key permissions to 644 (or anything that gives group or user access) then sshd sees they are there but claims they are too open and it won't use them.
Please help!
John

If I try "/etc/init.d/ssh start" I get the same message:

Starting OpenBSD Secure Shell server: sshdCould not load host key: /etc/ssh/ssh_host_key
Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_dsa_key
Disabling protocol version 1. Could not load host key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.

Nevertheless, it's working, and I can scp to/from other computers. Perms are root,root.

Posted by Jason W on Feb. 25 2008,05:37
jpeters,
Did you start the /etc/init.d/ssh service with sudo or as root? It tries to write to /etc so it must have root privileges.

Posted by jpeters on Feb. 25 2008,06:21
Quote (Jason W @ Feb. 25 2008,00:37)
jpeters,
Did you start the /etc/init.d/ssh service with sudo or as root? It tries to write to /etc so it must have root privileges.

Yes, that was the problem.  I run that line from /opt/bootlocal where it's not necessary to be in root.  Thanks for pointing that out.

Posted by spanners on Feb. 25 2008,08:37
Quote (jpeters @ Feb. 24 2008,21:40)

If I try "/etc/init.d/ssh start" I get the same message:

Starting OpenBSD Secure Shell server: sshdCould not load host key: /etc/ssh/ssh_host_key
Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_dsa_key
Disabling protocol version 1. Could not load host key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.

Nevertheless, it's working, and I can scp to/from other computers. Perms are root,root.

Yeah that's the same message I get but ssh actually exits. I'm running it as root.

Posted by jpeters on Feb. 25 2008,09:02
Quote (spanners @ Feb. 25 2008,03:37)
Yeah that's the same message I get but ssh actually exits. I'm running it as root.

It doesn't matter that they exist.  Does it start from /opt/bootlocal.sh   ?
I also copy the keys " cp /ssh_keys/*key* /etc/ssh/" , and then "/etc/init.d/ssh start"

Also, did you try "sudo /usr/sbin/sshstart"  ?

Posted by spanners on Feb. 25 2008,18:22
Quote (jpeters @ Feb. 25 2008,04:02)
It doesn't matter that they exist.  Does it start from /opt/bootlocal.sh   ?
I also copy the keys " cp /ssh_keys/*key* /etc/ssh/" , and then "/etc/init.d/ssh start"

Also, did you try "sudo /usr/sbin/sshstart"  ?

I've tried running it from bootlocal.sh and manually as root and using 'sudo /usr/sbin/sshstart' but all fail.
It seems like it can't find the keys if they're not set for user access but when it does find them then it says they're too open. Either way without the keys it just exits.

Posted by jpeters on Feb. 26 2008,05:16
Quote (spanners @ Feb. 25 2008,13:22)
I've tried running it from bootlocal.sh and manually as root and using 'sudo /usr/sbin/sshstart' but all fail.
It seems like it can't find the keys if they're not set for user access but when it does find them then it says they're too open. Either way without the keys it just exits.

I'm shooting in the dark here, but would try booting up another version of DSL, vary bootcodes (e.g., dsl base norestore), check dmesg, etc., to find out where the conflict is.

note: stay with root/root; no need to create more problems; it's likely that something is corrupted.

EDIT:  Try the dsl base norestore idea first; the keys should load (with "sudo /etc/init.d/ssh start")
If not, maybe posting more specifics about your setup will get a response.

Posted by spanners on Feb. 27 2008,15:12
Quote (jpeters @ Feb. 26 2008,00:16)
I'm shooting in the dark here, but would try booting up another version of DSL, vary bootcodes (e.g., dsl base norestore), check dmesg, etc., to find out where the conflict is.

note: stay with root/root; no need to create more problems; it's likely that something is corrupted.

EDIT:  Try the dsl base norestore idea first; the keys should load (with "sudo /etc/init.d/ssh start")
If not, maybe posting more specifics about your setup will get a response.

I'll do that bud, thanks all for your help so far, this has really got me stumped!

Posted by spanners on Mar. 13 2008,20:40
Well just for info I finally found a solution to the problem. In sheer frustration I deleted the DSA and RSA keys and when I ran up the server again it created fresh ones that it can read happily. Aaaahhhhhhhhhhh
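
The symptoms reported in this thread (a key rejected as too open at 644, a key sshd cannot load, a service started without root) can be told apart per file with a small check, added here as an example that is not part of the original thread. The function names and verdict words are made up for illustration; the script assumes host keys sit in /etc/ssh under the three names used above and only reads them.

```shell
#!/bin/sh
# Added example: classify each sshd host key file.
# Verdicts: missing | too_open | unreadable | unloadable | ok

check_host_key() {
    key=$1
    [ -f "$key" ] || { echo missing; return 0; }

    # OpenSSH refuses a private key if any group/other permission bit is set
    # (mode & 077), so characters 5-10 of the ls mode string must all be "-".
    perms=$(ls -ldL -- "$key" | cut -c5-10)
    [ "$perms" = "------" ] || { echo too_open; return 0; }

    # A mode 600 root:root key cannot be read by a non-root caller.
    [ -r "$key" ] || { echo unreadable; return 0; }

    # Host keys must parse with an empty passphrase. -y re-derives the public
    # key; -P '' supplies the empty passphrase so ssh-keygen never prompts.
    # This step is skipped when ssh-keygen is not installed.
    if command -v ssh-keygen >/dev/null 2>&1; then
        ssh-keygen -y -P '' -f "$key" </dev/null >/dev/null 2>&1 \
            || { echo unloadable; return 0; }
    fi
    echo ok
}

audit_host_keys() {
    dir=${1:-/etc/ssh}
    for key in "$dir"/ssh_host_key "$dir"/ssh_host_rsa_key "$dir"/ssh_host_dsa_key; do
        printf '%-12s %s\n' "$(check_host_key "$key")" "$key"
    done
}

# Read-only audit of the directory given as $1 (default /etc/ssh).
audit_host_keys "${1:-/etc/ssh}"
```

A key reported as `unloadable` while owned by root with mode 600 is either passphrase-protected, corrupt, or in a format the installed OpenSSH does not accept; regenerating it with an empty passphrase is the usual remedy.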