Netgate Discussion Forum
    Sshd Can't Load Host Key

    Problems Installing or Upgrading pfSense Software

    • NOYB

      This log message is generated on every connection via ssh (the connection is successful).

      error: Could not load host key: /etc/ssh/ssh_host_dsa_key

      The file is not there.

      • jimp Rebel Alliance Developer Netgate

        Is there a /etc/ssh/ssh_host_dsa_key.pub file? If so, remove it. We don't create DSA keys any longer, so I wouldn't expect that to toss an error.

        It should only have those if they were there from 2.2.x.

        On 2.3 it should only make RSA, ECDSA, and ED25519.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • NOYB

          There are no dsa files.  Only the rsa, ecdsa, and ed25519 files.  This is a fresh 2.3 install so nothing from 2.2.x.

          Every time I connect it logs the error about not being able to load the host key: ssh_host_dsa_key.  Then accepts the connection.

          
          Accepted publickey for root from 192.168.2.21 port 63937 ssh2: RSA SHA256:+iLjwFiey...
          
          
          • jimp Rebel Alliance Developer Netgate

            Are you sure the message is coming from the server and not the client? Maybe the client is requesting the DSA key specifically?
            What client is it?

            • Koenig

              I'm seeing the same thing and am also on a fresh install, sort of, upgraded from RC which was installed a couple of days back but been seeing this all the time from the fresh install.

              • jimp Rebel Alliance Developer Netgate

                So is the message displayed to the SSH client, put in the system log on the server? Somewhere else? It's not been clearly stated where the error is shown.

                • Koenig

                  @jimp:

                  So is the message displayed to the SSH client, put in the system log on the server? Somewhere else? It's not been clearly stated where the error is shown.

                  It's in the system log of pfSense.

                  
                  Apr 13 07:48:14	sshd	40540	Accepted keyboard-interactive/pam for admin from 192.168.1.100 port 49169 ssh2
                  Apr 13 07:48:08	sshd	40540	error: Could not load host key: /etc/ssh/ssh_host_dsa_key
                  
                  
                  • jimp Rebel Alliance Developer Netgate

                    Ah, ok. I was thinking it was shown on the client. I do see that in the system log on at least one of mine. Seems harmless but annoying. I know we disabled generation of DSA keys, but for some reason sshd is still trying to read them.
                    Probably worth opening a redmine ticket for.

                    • NOYB

                      Ticket opened: https://redmine.pfsense.org/issues/6143

                      • javcasta

                        Hello

                        I have the same log:

                        May 4 13:46:58 sshd 80914 Accepted password for root from 10.168.0.10 port 56527 ssh2
                        May 4 13:46:57 sshd 80914 error: Could not load host key: /etc/ssh/ssh_host_dsa_key
                        May 4 13:46:57 sshd 68220 Accepted password for root from 10.168.0.10 port 56526 ssh2
                        May 4 13:46:50 sshd 68220 error: Could not load host key: /etc/ssh/ssh_host_dsa_key
                        May 4 13:46:48 sshd 81132 Disconnected from 10.168.0.10 port 55951
                        May 4 13:46:48 sshd 81132 Received disconnect from 10.168.0.10 port 55951:11: disconnected by user
                        May 4 13:43:25 sshd 21426 Accepted password for root from 10.168.0.10 port 56514 ssh2
                        May 4 13:43:25 sshd 21426 error: Could not load host key: /etc/ssh/ssh_host_dsa_key
                        May 4 13:42:08 sshd 86408 Accepted password for root from 10.168.0.10 port 56511 ssh2
                        May 4 13:42:07 sshd 86408 error: Could not load host key: /etc/ssh/ssh_host_dsa_key
                        May 4 13:22:52 sshd 60475 Accepted password for root from 10.168.0.10 port 56455 ssh2
                        May 4 13:22:52 sshd 60475 error: Could not load host key: /etc/ssh/ssh_host_dsa_key
                        May 4 13:20:32 sshd 16348 Accepted password for root from 10.168.0.10 port 56450 ssh2
                        May 4 13:20:31 sshd 16348 error: Could not load host key: /etc/ssh/ssh_host_dsa_key
                        May 4 13:17:14 sshd 62619 Accepted password for root from 10.168.0.10 port 56442 ssh2
                        May 4 13:17:14 sshd 62619 error: Could not load host key: /etc/ssh/ssh_host_dsa_key
                        May 4 13:15:10 sshd 43987 Accepted password for root from 10.168.0.10 port 56440 ssh2
                        May 4 13:15:09 sshd 43987 error: Could not load host key: /etc/ssh/ssh_host_dsa_key
                        May 4 13:11:22 sshd 43956 Accepted password for root from 10.168.0.10 port 56427 ssh2
                        May 4 13:11:22 sshd 43956 error: Could not load host key: /etc/ssh/ssh_host_dsa_key
                        May 4 13:10:52 sshd 87366 Accepted password for root from 10.168.0.10 port 56425 ssh2
                        May 4 13:10:51 sshd 87366 error: Could not load host key: /etc/ssh/ssh_host_dsa_key
                        May 4 13:06:39 sshd 53397 Accepted password for root from 10.168.0.10 port 56408 ssh2
                        May 4 13:06:39 sshd 53397 error: Could not load host key: /etc/ssh/ssh_host_dsa_key
                        May 4 13:06:02 sshd 89698 Accepted password for root from 10.168.0.10 port 56407 ssh2
                        May 4 13:06:02 sshd 89698 error: Could not load host key: /etc/ssh/ssh_host_dsa_key
                        May 4 13:04:14 sshd 97231 Accepted password for root from 10.168.0.10 port 56399 ssh2
                        May 4 13:04:13 sshd 97231 error: Could not load host key: /etc/ssh/ssh_host_dsa_key

                        I have pfSense 2.3 (2.3_1) amd64 and it's a fresh installation.

                        My ssh client is MobaXterm (based on PuTTY).

                        But the ssh connections work fine for me.

                        Regards.

                        Javier Castañón
                        Communications, support and systems technician.

                        My website: https://javcasta.com/

                        Scripting/pfSense support: https://javcasta.com/soporte/

                        • johnpoz LAYER 8 Global Moderator

                          I am not seeing any such entries.. Just logs that it accepted my public key

                          But I do have the key which would explain why no error ;)
                          -rw-------  1 root  wheel    668 Dec 23  2014 ssh_host_dsa_key
                          -rw-r--r--  1 root  wheel    612 Dec 23  2014 ssh_host_dsa_key.pub

                          This is on an upgraded system running 2.3 that had been upgraded a few times I believe from previous 2.2.x versions.. I would assume those keys were done back before removed the generation of the keys..

                          An intelligent man is sometimes forced to be drunk to spend time with his fools
                          If you get confused: Listen to the Music Play
                          Please don't Chat/PM me for help, unless mod related
                          SG-4860 24.11 | Lab VMs 2.8, 24.11

                          • NOYB

                            I believe the fix for this is in 2.3.1.  It may be in one of the git commits for 2.3 also.  Don't recall for sure, but pretty sure it's been fixed.

                            Bug Report:
                            https://redmine.pfsense.org/issues/6143

                            Fix Commit:
                            https://github.com/pfsense/pfsense/pull/2874

                            • cmb

                              Yeah it's fixed for 2.3.1. Just log spam, not hurting anything.

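A check for the condition discussed in this thread, as an added example that is not part of any post or of pfSense itself: it lists the host key paths sshd is configured to load that have no file on disk (the source of the `Could not load host key` line) and any leftover `.pub` file without its private key. The function name `audit_hostkeys`, the scratch directory and its contents are constructed for the illustration; the input is assumed to be an sshd_config or saved `sshd -T` output.

```shell
#!/bin/sh
# Added example (not pfSense code): compare the host keys sshd is told to load
# with the files that exist. Input is an sshd_config or saved `sshd -T` output.

# audit_hostkeys <config-file> [key-dir]
#   MISSING <path>  HostKey path with no file; sshd logs
#                   "Could not load host key" for each of these
#   ORPHAN <path>   ssh_host_*_key.pub left behind without its private key
audit_hostkeys() {
    conf=$1
    keydir=${2:-/etc/ssh}

    # Keywords are case-insensitive; commented-out lines never match because
    # their first field starts with '#'.
    awk 'tolower($1) == "hostkey" { print $2 }' "$conf" | sort -u |
    while read -r key; do
        [ -f "$key" ] || echo "MISSING $key"
    done

    for pub in "$keydir"/ssh_host_*_key.pub; do
        [ -e "$pub" ] || continue      # glob matched nothing
        [ -f "${pub%.pub}" ] || echo "ORPHAN $pub"
    done
}

# Constructed demo: a scratch directory standing in for /etc/ssh on a fresh
# install that has RSA, ECDSA and ED25519 keys while sshd still lists DSA.
demo=$(mktemp -d)
for t in rsa ecdsa ed25519; do
    : > "$demo/ssh_host_${t}_key"
    : > "$demo/ssh_host_${t}_key.pub"
done
for t in rsa dsa ecdsa ed25519; do
    echo "hostkey $demo/ssh_host_${t}_key"
done > "$demo/sshd-T.txt"
audit_hostkeys "$demo/sshd-T.txt" "$demo"
rm -rf "$demo"
```

On a live system, save the effective configuration as root with `sshd -T > /tmp/sshd-T.txt` and pass that file with `/etc/ssh` as the key directory.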
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.