Re: [vox-tech] sshd error - help
On Sat, Apr 14, 2001 at 12:00:09PM -0700, Peter Jay Salzman wrote:
> On Sat 14 Apr 01, 11:45 AM, Henry House said:
> > On Sat, Apr 14, 2001 at 11:38:35AM -0700, Peter Jay Salzman wrote:
> > > i'm getting this error when i start the daemon:
> > >
> > > # /etc/init.d/ssh start
> > > Starting OpenBSD Secure Shell server: sshd
> > > Disabling protocol version 2. Could not load host key.
> > >
> > > does anyone know how to fix this? do i have to generate a new host key
> > > somehow? how do i do that?
> >
> > Protocol versions 1 and 2 use different host keys. You need to run ssh-keygen with
> > -t rsa or -t dsa for a protocol 2 key or ssh-keygen -t rsa1 for a protocol 1 key. The
> > result goes in /etc/ssh_host_dsa_key.
>
> do you recommend rsa or dsa?
DSA is more standard. No comment on relative security, since this is more a
function of the overall implementation of the cryptosystem than the cipher
used.
> also, it seems to ask me for a file to save to and a passphrase:
>
> # ssh-keygen -t dsa
> Generating public/private dsa key pair.
> Enter file in which to save the key (/root/.ssh/id_dsa): /etc/ssh_host_dsa_key
> Enter passphrase (empty for no passphrase):
>
> at this point i control d'ed out of it; doesn't feel right. why would it ask
> me what file to write to and why would it ask me for a passphrase?
You don't want a passphrase here. The host key is used to authenticate your
machine to clients. It is never used interactively and never used to permit
logins. Its purpose is to prevent DNS spoofing. If you choose to use RSA or
DSA authentication in place of a password, the keys for this are kept in your
~/.ssh and are specific to your account.
--
Henry House
OpenPGP key available from http://hajhouse.org/hajhouse.asc
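
The advice in this message as a non-interactive shell procedure (an added example, not part of the original post): `-f` and `-N ''` answer the two prompts ssh-keygen showed, and a load test with an empty passphrase tells a usable host key from one sshd would refuse. The function names `check_host_key` and `ensure_host_key` are assumptions; the key type and path are parameters.

```shell
#!/bin/sh
# Added example: the function names are assumptions, not taken from the thread.

# check_host_key FILE -> prints "missing", "unusable" or "ok".
check_host_key() {
    key=$1
    [ -f "$key" ] || { echo missing; return 0; }
    # -y derives the public key from the private key. With -P '' it never
    # prompts and succeeds only if the key loads with an empty passphrase;
    # sshd likewise loads host keys without asking for one.
    if ssh-keygen -y -P '' -f "$key" >/dev/null 2>&1; then
        echo ok
    else
        echo unusable   # passphrase-protected, damaged, or bad permissions
    fi
}

# ensure_host_key TYPE FILE -> creates the key if missing, prints its fingerprint.
ensure_host_key() {
    ktype=$1 key=$2
    case $(check_host_key "$key") in
        ok) ;;
        missing)
            # -f answers the "file in which to save the key" prompt and
            # -N '' the passphrase prompt, so nothing is asked interactively.
            ssh-keygen -q -t "$ktype" -f "$key" -N '' || return 1 ;;
        *)
            echo "$key exists but cannot be loaded; not overwriting" >&2
            return 1 ;;
    esac
    # The fingerprint is what a client is shown on its first connection.
    ssh-keygen -l -f "$key"
}

# Usage (as root, path from the thread):
#   ensure_host_key dsa /etc/ssh_host_dsa_key
# Pass rsa instead where the installed OpenSSH build no longer includes DSA.
```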