"Could not load host key: /etc/ssh/ssh_host_ecdsa_key" when connecting

Bug #1005440 reported by Michael Nagel
This bug affects 13 people
Affects: openssh (Ubuntu)
Status: Confirmed
Importance: Low
Assigned to: Unassigned
Milestone:

Bug Description

when connecting to my Ubuntu 12.04 server via ssh I get a log entry
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
for every (attempted) connection. SSH should be configured in a way that does not generate such a warning...

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: openssh-server 1:5.9p1-5ubuntu1
ProcVersionSignature: Ubuntu 3.2.0-24.37-generic 3.2.14
Uname: Linux 3.2.0-24-generic x86_64
ApportVersion: 2.0.1-0ubuntu7
Architecture: amd64
Date: Mon May 28 11:00:08 2012
InstallationMedia:

SourcePackage: openssh
UpgradeStatus: No upgrade log present (probably fresh install)

Michael Nagel (nailor) wrote :

Chuck Short (zulcss) wrote :

Have you done the following:

sudo ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ”

Thanks
chuck

Changed in openssh (Ubuntu):
importance: Undecided → Low
status: New → Incomplete

Michael Nagel (nailor) wrote :

i did now, and it fixes the issue. i think the need to do this manually is somewhat unfortunate, however.

Changed in openssh (Ubuntu):
status: Incomplete → New

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in openssh (Ubuntu):
status: New → Confirmed

Kaizoku (neoark) wrote :

ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ”
Generating public/private ecdsa key pair.
passphrase too short: have 3 bytes, need > 4
Saving the key failed: /etc/ssh/ssh_host_ecdsa_key.

The above mentioned solution doesn't work.

Reinhard Berger (geist1) wrote :

The correct syntax is as follows:

sudo ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N "YourNew Passphrase"

Instead of "YourNew Passphrase" you can use any word that you like as long as it has more than 4 characters.

Adrien Beau (adrienbeau) wrote :

I was affected by this bug too, using Ubuntu Server 12.04.1 LTS, with openssh-server 1:5.9p1-5ubuntu1. Using the following command line solved the issue:

sudo ssh-keygen -f /etc/ssh/ssh_host_ecdsa_key -N '' -t ecdsa

I think it is important to note the following:

-- I did not install Ubuntu myself, it was automatically installed by my dedicated hosting provider;

-- The install (or at least the SSH key generation) was performed from an operating system booted and downloaded from the network (Debian 6.0.4 as far as I can tell);

-- The Ubuntu install has been slightly altered by my dedicated hosting provider (nothing malicious, I checked that using debsums and diff; mostly a couple additional proprietary hardware RAID administration binaries in /sbin, a small monitoring framework in /usr/local, one additional cron entry, and their very own Linux kernel).

So, I cannot say that the missing key is due to a bug in the openssh-server install scripts (the openssh-server.postinst script looks fine to me); I strongly suspect it is due to a bug in my hosting provider's installation.

Michael Nagel, Kaizoku, did you install Ubuntu yourselves, or are you using a version installed by a hosting provider?

Michael Nagel (nailor) wrote :

> Michael Nagel are you using a version installed by a hosting provider?
yes, this is the case

hav0cer (dvanoverbeke) wrote :

Had the same issue here, also using a hosting provider.

latimerio (fomember) wrote :

I set up a vServer with Ubuntu 12.04.02 LTS last week using the image that my provider has supplied and I get the same error reported from logwatch.

"error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key"

Looking at the /etc/ssh I only see:
ssh_config
sshd_config
ssh_host_dsa_key
ssh_host_dsa_key.pub
ssh_host_key
ssh_host_key.pub
ssh_host_rsa_key
ssh_host_rsa_key.pub

Strangely enough I did not notice any problems not having the ecdsa key except the message from logwatch.
So what is it needed for anyway?

Nevertheless I created the ecdsa key using
 ssh-keygen -f /etc/ssh/ssh_host_ecdsa_key -N '' -t ecdsa
to get rid of the message.

Jeroen Pulles (jeroen-pulles) wrote :

A simple `dpkg-reconfigure openssh-server` also does the trick:

root@host:/# dpkg-reconfigure openssh-server
Creating SSH2 ECDSA key; this may take some time ...
Restarting OpenBSD Secure Shell server: sshd.

Simon Déziel (sdeziel) wrote :

The issue I believe is because openssh-server.postinst doesn't add new HostKey to an existing sshd_config file. Because of this, newer key formats are not generated in postinst. IMHO, they should always be generated via "ssh-keygen -A" and the admin would then be free to include a HostKey directive for every supported key type.
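
A check for the condition discussed in this thread, where sshd_config names a HostKey whose file was never generated. This is an added example, not part of the bug report or of the openssh-server packaging scripts; the function names, the root-prefix argument and the sample files are assumptions of the example.

```sh
#!/bin/sh
# Paths named by HostKey directives (keyword is case-insensitive; commented
# lines start with '#', so their first field never matches).
configured_host_keys() {
    awk 'tolower($1) == "hostkey" { gsub(/"/, "", $2); print $2 }' "$1"
}

# Report each configured host key sshd could not load: MISSING when the private
# key is absent or empty, PERMS when group/other bits are set on it.
# $2 (hypothetical) is a root prefix, so a copy of /etc/ssh can be checked.
missing_host_keys() {
    config=$1 root=${2:-}
    configured_host_keys "$config" | while read -r key; do
        if [ ! -s "$root$key" ]; then
            echo "MISSING $key"
        else
            case "$(ls -ldL "$root$key")" in
                ????------*) ;;               # owner-only access: fine
                *) echo "PERMS $key" ;;
            esac
        fi
    done
}

# Constructed sample mirroring the listing in the thread: RSA and DSA keys
# exist, the ECDSA key named in sshd_config does not. File contents are
# placeholders, not real keys.
build_sample() {
    dir=$(mktemp -d)
    mkdir -p "$dir/etc/ssh"
    for t in rsa dsa; do
        echo placeholder > "$dir/etc/ssh/ssh_host_${t}_key"
        chmod 600 "$dir/etc/ssh/ssh_host_${t}_key"
    done
    printf '%s\n' 'Port 22' '#HostKey /etc/ssh/ssh_host_key' \
        'HostKey /etc/ssh/ssh_host_rsa_key' \
        'HostKey /etc/ssh/ssh_host_dsa_key' \
        'hostkey /etc/ssh/ssh_host_ecdsa_key' > "$dir/etc/ssh/sshd_config"
    echo "$dir"
}

demo=$(build_sample)
missing_host_keys "$demo/etc/ssh/sshd_config" "$demo"   # MISSING /etc/ssh/ssh_host_ecdsa_key
rm -rf "$demo"
```

On a real server the call is `missing_host_keys /etc/ssh/sshd_config`, run as root so the private key files are readable.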
