Could not load host key: /etc/ssh/ssh_host_ed25519_key in /var/log/auth.log
You can generate the missing hostkey via:
`ssh-keygen -A`
`ed25519` is a bit faster and more secure. It's not necessary and, aside from logspam, this doesn't have that much effect. You could, indeed, comment out `HostKey /etc/ssh/ssh_host_ed25519_key`, without much effect. But, at the same time, `ed25519` is a good host-key format to support.
aidan
Updated on September 18, 2022
Comments
-
aidan over 1 year
I have an Ubuntu 14.04 instance running on AWS.
I was browsing the auth logs (`/var/log/auth.log*`), and noticed the following line appearing:
Could not load host key: /etc/ssh/ssh_host_ed25519_key
This line appears between 1k-10k times a day, presumably due to failed hack attempts.
In researching this problem, I came up with a number of questions.
What is the effect of the absence of this key? I can still log in fine with the key provided by AWS. Is it forcing the security of my SSH connections to be downgraded? Has it been disabled on purpose because of security concerns?
I've seen some people suggest that the key wasn't generated correctly during installation, and that I need to regenerate the key with `dpkg-reconfigure` or `ssh-keygen`.
Alternatively, I've also seen people recommend just commenting out the line:
HostKey /etc/ssh/ssh_host_ed25519_key
in `/etc/ssh/sshd_config`
-
Alan almost 7 years
After that, I also had to restart the ssh service: `sudo service ssh restart`
-
HeatfanJohn about 6 years
I had empty files for `dsa`, `ecdsa` and `ed25519` that I had to delete for `ssh-keygen -A` to do anything
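
An added example, not part of the original thread: a POSIX shell check that reads the `HostKey` lines of an sshd_config and reports whether each key file is present, zero-length, or missing, covering both the log message in the question and the empty-file case from the last comment. The function names and the demo directory are constructed for illustration; it assumes unquoted, whitespace-separated `HostKey` paths and does not follow `Include` or `Match`.

```shell
#!/bin/sh
# Added example: classify every HostKey path named in an sshd_config file.
# Assumes unquoted, whitespace-separated paths; Include and Match are ignored.
# Prints "<status> <path>" per key and exits 1 if any key is missing or empty.
audit_hostkeys() (
    rc=0
    while read -r keyword path rest || [ -n "$keyword" ]; do
        # Keywords are case-insensitive; commented-out lines never match.
        case "$keyword" in
            [Hh][Oo][Ss][Tt][Kk][Ee][Yy]) ;;
            *) continue ;;
        esac
        if [ ! -e "$path" ]; then
            echo "missing $path"; rc=1
        elif [ ! -s "$path" ]; then
            echo "empty $path"; rc=1
        else
            echo "ok $path"
        fi
    done < "$1"
    exit "$rc"
)

# Demo on constructed sample data in a throwaway directory, not the live /etc/ssh.
demo_audit() (
    dir=$(mktemp -d) || exit 2
    trap 'rm -rf "$dir"' EXIT
    printf 'constructed placeholder, not a real key\n' > "$dir/ssh_host_rsa_key"
    : > "$dir/ssh_host_ecdsa_key"    # zero-byte file, the case from the comment
    printf 'HostKey %s\n' "$dir/ssh_host_rsa_key" "$dir/ssh_host_ecdsa_key" \
        "$dir/ssh_host_ed25519_key" > "$dir/sshd_config"
    audit_hostkeys "$dir/sshd_config" | sed "s|$dir/||"
)

# With an argument, audit that file; with none, run the demo.
if [ "$#" -gt 0 ]; then audit_hostkeys "$1"; else demo_audit; fi
```

Run against `/etc/ssh/sshd_config`, an `empty` result marks a file to delete before `ssh-keygen -A`, as described in the comment above.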