Linux Users' Group of Davis (LUGOD)
Page last updated:
2001 Dec 30 17:03

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] sshd error - help

On Sat, Apr 14, 2001 at 12:00:09PM -0700, Peter Jay Salzman wrote:
> On Sat 14 Apr 01, 11:45 AM, Henry House said: 
> > On Sat, Apr 14, 2001 at 11:38:35AM -0700, Peter Jay Salzman wrote:
> > > i'm getting this error when i start the daemon:
> > > 
> > >    # /etc/init.d/ssh start
> > >    Starting OpenBSD Secure Shell server: sshd
> > >    Disabling protocol version 2. Could not load host key.
> > > 
> > > does anyone know how to fix this?   do i have to generate a new host key
> > > somehow?   how do i do that?
> > 
> > Protocol versions 1 and 2 use different host keys. You need to run ssh-keygen with
> > -t rsa or -t dsa for a protocol 2 key or ssh-keygen -t rsa1 for a protocol 1 key. The
> > result goes in /etc/ssh_host_dsa_key.
> 
> do you recommend rsa or dsa?

DSA is more standard. No comment on relative security, since this is more a
function of the overall implementation of the cryptosystem than the cipher
used.

> also, it seems to ask me for a file to save to and a passphrase:
> 
>   # ssh-keygen -t dsa
>   Generating public/private dsa key pair.
>   Enter file in which to save the key (/root/.ssh/id_dsa): /etc/ssh_host_dsa_key
>   Enter passphrase (empty for no passphrase):
> 
> at this point i control d'ed out of it; doesn't feel right.  why would it ask
> me what file to write to and why would it ask me for a passphrase?

You don't want a passphrase here. The host key is used to authenticate your
machine to clients. It is never used interactively and never used to permit
logins. Its purpose is to prevent DNS spoofing. If you choose to use RSA or
DSA authentication in place of a password, the keys for this are kept in your
~/.ssh and are specific to your account.

-- 
Henry House
OpenPGP key available from http://hajhouse.org/hajhouse.asc
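
sshd reads its host key at startup without prompting, so a host key saved with a passphrase cannot be loaded. As an added example (not part of the original post), this Python check reads a private key file's header and reports whether it is passphrase-protected; the function names are hypothetical and the sample keys are constructed header fields with no real key material.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"  # auth magic defined in OpenSSH's PROTOCOL.key

def read_string(buf, off):  # one length-prefixed SSH string starting at off
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n]

def passphrase_state(text):
    """Classify a private key file's text: 'none', 'encrypted' or 'unknown'."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        return "unknown"
    label = lines[0][len("-----BEGIN "):].rstrip("-")
    if label == "ENCRYPTED PRIVATE KEY":      # PKCS#8 encrypted container
        return "encrypted"
    if label == "OPENSSH PRIVATE KEY":        # current OpenSSH format
        try:
            blob = base64.b64decode("".join(lines[1:-1]))
            if not blob.startswith(MAGIC):
                return "unknown"
            cipher = read_string(blob, len(MAGIC))  # first field: ciphername
        except (ValueError, struct.error):
            return "unknown"
        return "none" if cipher == b"none" else "encrypted"
    if label.endswith("PRIVATE KEY"):         # legacy PEM (RSA/DSA/EC)
        marked = any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines)
        return "encrypted" if marked else "none"
    return "unknown"

# Helpers and constructed samples: header fields only, no real key material.
def armor(label, body, headers=""):
    b64 = base64.b64encode(body).decode()
    return f"-----BEGIN {label}-----\n{headers}{b64}\n-----END {label}-----\n"
def lp(value):  # length-prefix a byte string the way SSH wire format does
    return struct.pack(">I", len(value)) + value
SAMPLES = {
    "new format, no passphrase": armor("OPENSSH PRIVATE KEY", MAGIC + lp(b"none") + lp(b"none") + lp(b"")),
    "new format, passphrase": armor("OPENSSH PRIVATE KEY", MAGIC + lp(b"aes256-ctr") + lp(b"bcrypt") + lp(b"")),
    "legacy DSA, no passphrase": armor("DSA PRIVATE KEY", b"\x30\x00"),
    "legacy DSA, passphrase": armor("DSA PRIVATE KEY", b"\x30\x00", "Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,00\n\n"),
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name:28} -> {passphrase_state(text)}")
```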

