某台SCO Unix 5.0.7的服务器上安装了OpenSSH 4.3p2版本,安装步骤可参考:[原]SCO上安装openssh 4.3p2 。但在启动sshd服务时,报如下的错误信息: 引用
# /usr/local/sbin/sshd
Could not load host key: /usr/local/etc/ssh/ssh_host_rsa1_key Could not load host key: /usr/local/etc/ssh/ssh_host_rsa_key Could not load host key: /usr/local/etc/ssh/ssh_host_dsa_key Disabling protocol version 2. Could not load host key sshd: no hostkeys available -- exiting. 一、故障原因 从提示信息可以看出,该问题发生的原因是,sshd服务器启动时,没有找到其自身需要的私钥。一般的OpenSSH版本都支持三种协议:rsa1、rsa2和dsa,这在配置文件中决定: 引用
# cat /usr/local/etc/ssh/sshd_config |grep HostKey
# HostKey for protocol version 1 HostKey /usr/local/etc/ssh/ssh_host_rsa1_key # HostKeys for protocol version 2 HostKey /usr/local/etc/ssh/ssh_host_rsa_key HostKey /usr/local/etc/ssh/ssh_host_dsa_key ※ 注意,根据配置文件定义的不同,例如:使用源码,还是pkg包安装,这些路径可能会有差异。红旗Linux上rpm定义的配置文件,与SCO上源码安装时配置文件中上述密钥的默认名称和路径都不同。需根据实际情况操作。 引用
# service sshd start
生成 SSH1 RSA 主机键: [确定] 生成 SSH2 RSA 主机键: [确定] 正在生成 SSH2 DSA 主机键: [确定] 启动 sshd: [确定]
# cd /usr/local/etc/ssh/
# /usr/local/bin/ssh-keygen -q -t rsa1 -f ./ssh_host_rsa1_key -C '' -N '' # chmod 600 ./ssh_host_rsa1_key # chmod 644 ./ssh_host_rsa1_key.pub # /usr/local/bin/ssh-keygen -q -t rsa -f ./ssh_host_rsa_key -C '' -N '' # chmod 600 ./ssh_host_rsa_key # chmod 644 ./ssh_host_rsa_key.pub # /usr/local/bin/ssh-keygen -q -t dsa -f ./ssh_host_dsa_key -C '' -N '' # chmod 600 ./ssh_host_dsa_key # chmod 644 ./ssh_host_dsa_key.pub 最后,启动sshd服务即可: # /usr/local/sbin/sshd
# netstat -an|grep 22 问题解决。 引用
# ssh 192.168.16.129
The authenticity of host '192.168.16.129 (192.168.16.129)' can't be established. RSA key fingerprint is 8f:a3:ab:82:fd:9e:26:37:1e:3e:f0:74:c3:65:9c:6e. Are you sure you want to continue connecting (yes/no)? yes root@192.168.16.129's password: Last login: Thu Feb 19 19:29:23 2009 from 192.168.16.1 [root@asianux3 ~]# 当服务端的上述几个文件密钥被改变(私钥和公钥是成对的),这时,客户再次连接时,报下面的错误: 引用
# ssh 192.168.16.129
@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed. The fingerprint for the RSA key sent by the remote host is 19:05:03:5c:ac:b5:9d:ba:15:5a:46:7e:32:0e:b8:79. Please contact your system administrator. Add correct host key in /root/.ssh/known_hosts to get rid of this message. Offending key in /root/.ssh/known_hosts:1 RSA host key for 192.168.16.129 has changed and you have requested strict checking. Host key verification failed. 原 因就是公钥被修改了。这问题在4.7p1以上的版本,ssh客户端会自动提示更新公钥。Windows上的putty等客户端也会有更新公钥的提示。而在 旧版本的OpenSSH客户端上,可以删除客户端登陆用户的~/.ssh/known_hosts文件中对应的服务端公钥,或直接清空该文件: # echo > /root/.ssh/known_hosts
那么,再次登陆时,就会提示从服务端拿到新的公钥了: 引用
# ssh 192.168.16.129
The authenticity of host '192.168.16.129 (192.168.16.129)' can't be established. RSA key fingerprint is 19:05:03:5c:ac:b5:9d:ba:15:5a:46:7e:32:0e:b8:79. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.16.129' (RSA) to the list of known hosts. root@192.168.16.129's password: Last login: Thu Feb 19 19:59:52 2009 from 192.168.16.129 |