2

I'm configuring ssh server, but have faced an issue.

First I generate the private/public rsa keys with:
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key and set password on prompt.

Then try to start sshd:
/etc/init.d/ssh start
but get errors:

Could not load host key: /etc/ssh/ssh_host_rsa_key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.

Key point: Everything works if a leave password for the private key empty when generating keys, but the above errors occur otherwise. Still though, leaving that password empty is not recommended.

Any ideas? Thanks.

Pavel A
  • 153
  • 2
  • 13

1 Answers1

4

Host keys can't be protected with passwords, so just leave that empty.

mgorven
  • 30,615
  • 7
  • 79
  • 122
  • Thank you for your answer. Though, I'm confused. Why is `ssh-keygen` prompts for a password in that case? Also, as I read at http://wiki.debian.org/SSH: "Note: We recommend to not leave the passphrase empty." Can you, please, further explain your point? – Pavel A Feb 11 '13 at 19:19
  • 1
    @PavelA Because `ssh-keygen` is also used for generating user SSH keys, which should be password protected. In most distros you don't generate the host keys manually, so most users don't encounter that message in the context of host keys. – mgorven Feb 11 '13 at 19:25
  • Okay, I've got it - thanks! Yeah, it is a very out-dated system (Debian Etch). On my Ubuntu system they have been generated as part of openssh-server package installation. – Pavel A Feb 11 '13 at 19:31