Re: Could not load host key: ..., but keys exist.



On 19 Mar, 17:17, Simon Tatham <ana...@xxxxxxxxx> wrote:
> <f...@xxxxx> wrote:
> > I re-generated them in this way:
> > ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
> > ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
> > when prompted for password, I typed custom password.
>
> How do you expect sshd to load the keys without knowing that
> passphrase?
>
> The host keys should be generated _without_ a passphrase, because
> otherwise sshd can't load them.
>
> (In principle you could instead tell sshd the passphrase, but in
> practice (a) no sshd I've heard of supports this mode of use, and
> (b) it wouldn't be a security improvement anyway since the
> passphrase would have to be stored on disk.)

Well, in theory, you could have an SSH agent for them. But I've never
heard of this approach for host keys!
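An added example, not part of the original thread: a check for whether a private key file is passphrase-protected, which is the condition that stops sshd from loading a host key. The function name and the sample key texts are assumptions made for illustration; the samples are constructed header-only stubs, not usable keys.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\0"  # magic at the start of new-format OpenSSH private keys


def is_passphrase_protected(key_text: str) -> bool:
    """Return True if the private key text is encrypted with a passphrase."""
    lines = [ln.strip() for ln in key_text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM-armoured private key")
    header = lines[0]
    if "ENCRYPTED PRIVATE KEY" in header:  # PKCS#8 encrypted container
        return True
    if header != "-----BEGIN OPENSSH PRIVATE KEY-----":
        # Legacy PEM (RSA/DSA/EC): encryption is flagged by a Proc-Type header.
        return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines)
    # openssh-key-v1: magic, then a length-prefixed cipher name ("none" = clear).
    body = "".join(ln for ln in lines if not ln.startswith("-----"))
    blob = base64.b64decode(body)
    if not blob.startswith(MAGIC):
        raise ValueError("bad openssh-key-v1 magic")
    off = len(MAGIC)
    (n,) = struct.unpack_from(">I", blob, off)
    cipher = blob[off + 4:off + 4 + n]
    if len(cipher) != n:
        raise ValueError("truncated cipher name")
    return cipher != b"none"


def stub_v1(cipher: bytes) -> str:
    """Constructed sample: only the openssh-key-v1 magic and cipher name."""
    blob = MAGIC + struct.pack(">I", len(cipher)) + cipher
    b64 = base64.b64encode(blob).decode()
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + b64 +
            "\n-----END OPENSSH PRIVATE KEY-----\n")


# Constructed legacy-PEM samples (body is placeholder data, not key material).
LEGACY_ENCRYPTED = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0000000000000000

AAAA
-----END RSA PRIVATE KEY-----
"""
LEGACY_CLEAR = "-----BEGIN DSA PRIVATE KEY-----\nAAAA\n-----END DSA PRIVATE KEY-----\n"

if __name__ == "__main__":
    for name, text in [("legacy encrypted", LEGACY_ENCRYPTED), ("legacy clear", LEGACY_CLEAR),
                       ("v1 aes256-ctr", stub_v1(b"aes256-ctr")), ("v1 none", stub_v1(b"none"))]:
        print(name, "->", "passphrase-protected" if is_passphrase_protected(text) else "loadable by sshd")
```

Passing `-N ""` to `ssh-keygen` when generating a host key sets an empty passphrase without prompting.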


