Sshd test fails no host keys available, but sshd appears to be running OK

Hello,

New to Manjaro (2 days), so thanks in advance for your patience. Hopefully I am posting in the right forum.

As titled, essentially my mystery is that sshd -T returns sshd: no hostkeys available --exiting. And yet sshd appears to be running normally. I am making successful connections and not getting any known_hosts complaints on the client-side.

/etc/ssh/ appears populated with the correct, auto-generated keys (though I do notice the public keys are rw-r--r--, which I’ve seen trigger permissions complaints in other OSes).

HostKeys in sshd_config also appear to be commented out. But AFAIK that is by design, as they are only supposed to be edited if changing from the defaults?

I tried creating an sshd_config drop-in unit file with just HostKey /etc/ssh/ssh_host_ed25519_key. On sshd -T I then get an Unable to load host key: /etc/ssh/ssh_host_ed25519_key

Is there something about the configs that is perhaps creating a false positive when running the test?

Ultimately just trying to determine if the test error can be safely ignored.

Many thanks.

There should not be any error.

The host key needs to be readable only by root. On my systems, if a private key is readable by others, I see something like this:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/etc/ssh/ssh_host_ed25519_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Unable to load host key "/etc/ssh/ssh_host_ed25519_key": bad permissions
Unable to load host key: /etc/ssh/ssh_host_ed25519_key

The permission must be at least 600, or the key is not used.


Just to be sure, you do run the sshd -T command as root? Not with your normal user. It is required to run the command as root or with sudo.

Yep looks like it was an ambiguous permissions complaint. That fixed. Many thanks!
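
The two causes raised in this thread (a private host key with group/other permission bits set, and running the check as a user who cannot read the key) can be told apart with a small audit script. This is an added example, not code from any poster; the function names check_host_key and audit_host_keys are hypothetical, it assumes GNU stat (as on Manjaro), and it runs against a constructed throwaway directory standing in for /etc/ssh.

```sh
#!/bin/sh
# Added example: classify SSH private host keys by the two failure causes
# discussed in the thread. Function names are hypothetical.

# Print "too-open", "unreadable" or "ok" for one private key file.
check_host_key() {
    key=$1
    mode=$(stat -c '%a' -- "$key") || return 2   # GNU stat, e.g. "644"
    # Any group/other bit (mask 077) is the condition behind the
    # "Permissions 0644 ... are too open" warning quoted above.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "too-open"
    elif [ ! -r "$key" ]; then
        # Typical when run as a normal user against root-owned 0600 keys.
        echo "unreadable"
    else
        echo "ok"
    fi
}

# Report every private host key in a directory. The glob ends in "_key",
# so the *.pub files (normally rw-r--r--) are deliberately not checked.
audit_host_keys() {
    dir=$1
    for key in "$dir"/ssh_host_*_key; do
        [ -e "$key" ] || continue
        printf '%-10s %4s %s\n' "$(check_host_key "$key")" \
            "$(stat -c '%a' -- "$key")" "$key"
    done
}

# Constructed sample data: empty files with the permissions of interest.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
: > "$demo_dir/ssh_host_ed25519_key"; chmod 644 "$demo_dir/ssh_host_ed25519_key"
: > "$demo_dir/ssh_host_rsa_key";     chmod 600 "$demo_dir/ssh_host_rsa_key"
: > "$demo_dir/ssh_host_rsa_key.pub"; chmod 644 "$demo_dir/ssh_host_rsa_key.pub"

audit_host_keys "$demo_dir"
```

To check a real system, call audit_host_keys /etc/ssh as root; run as a normal user, correctly protected keys will show up as unreadable instead.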
