host_keys error on a basic install of a Debian 8.0 64-bit KVM virtual machine

SSH service host-keys error on a bare-minimum install KVM VPS

Check the error

  • Start the SSHD service
  • Enable the publickey authentication method
  • Error:
Sep 01 18:25:13 host sshd[11502]: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Sep 01 18:25:13 host sshd[11502]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key

Solution 1: Generate the keys manually with ssh-keygen

  • Generate the missing host keys automatically with ssh-keygen
# cd /etc/ssh/
# ssh-keygen -A
  • Make sure the host keys have been generated
root@host:/etc/ssh# ls -liah
total 300K
 26843 drwxr-xr-x  3 root root 4.0K Sep  1 19:02 .
    12 drwxr-xr-x 82 root root 4.0K Sep  1 18:08 ..
130928 drwxr-xr-x  2 root root 4.0K Sep  1 18:35 keys_back
 26844 -rw-r--r--  1 root root 237K Mar 23  2015 moduli
 26845 -rw-r--r--  1 root root 1.7K Mar 23  2015 ssh_config
 11364 -rw-r--r--  1 root root 2.5K Sep  1 18:50 sshd_config
   156 -rw-------  1 root root  672 Sep  1 18:36 ssh_host_dsa_key
   179 -rw-r--r--  1 root root  614 Sep  1 18:36 ssh_host_dsa_key.pub
 11208 -rw-------  1 root root  227 Sep  1 18:36 ssh_host_ecdsa_key
 11210 -rw-r--r--  1 root root  186 Sep  1 18:36 ssh_host_ecdsa_key.pub
 11212 -rw-------  1 root root  419 Sep  1 18:36 ssh_host_ed25519_key
 11214 -rw-r--r--  1 root root  106 Sep  1 18:36 ssh_host_ed25519_key.pub
   127 -rw-------  1 root root  989 Sep  1 18:36 ssh_host_key
   147 -rw-r--r--  1 root root  654 Sep  1 18:36 ssh_host_key.pub
   148 -rw-------  1 root root 1.7K Sep  1 18:36 ssh_host_rsa_key
   154 -rw-r--r--  1 root root  406 Sep  1 18:36 ssh_host_rsa_key.pub
  • Restart the SSH service and check its status to confirm that the error no longer appears
root@host:/etc/ssh# systemctl restart ssh
root@host:/etc/ssh# systemctl status ssh
● ssh.service - OpenBSD Secure Shell server
   Loaded: loaded (/lib/systemd/system/ssh.service; enabled)
   Active: active (running) since Fri 2017-09-01 19:04:50 WIB; 9s ago
 Main PID: 11835 (sshd)
   CGroup: /system.slice/ssh.service
           ├─  692 sshd: root@pts/0
           ├─  694 -bash
           ├─11770 sshd: root@pts/1
           ├─11772 -bash
           ├─11835 /usr/sbin/sshd -D
           └─11836 systemctl status ssh

Sep 01 19:04:50 host sshd[11835]: Server listening on 0.0.0.0 port 1510.
Sep 01 19:04:50 host sshd[11835]: Server listening on :: port 1510.

Solution 2: Regenerate the host keys automatically

Operating systems generally regenerate the host keys automatically at boot when no host keys are found in the ssh directory. However, some images fail to do so because of customizations made to the operating system image. When that happens, the keys can be regenerated by reconfiguring openssh-server.

First test this by running dpkg-reconfigure (delete the existing keys beforehand).

root@sgp2-01:/etc/ssh# rm -f ssh_host_*
root@sgp2-01:/etc/ssh# dpkg-reconfigure openssh-server
Creating SSH2 RSA key; this may take some time ...
2048 2b:f0:2c:93:a8:51:ae:7e:97:80:7b:7f:9a:cc:52:f1 /etc/ssh/ssh_host_rsa_key.pub (RSA)
Creating SSH2 DSA key; this may take some time ...
1024 79:09:36:29:c4:1d:3c:71:8a:c4:c9:e7:97:5e:8c:65 /etc/ssh/ssh_host_dsa_key.pub (DSA)
Creating SSH2 ECDSA key; this may take some time ...
256 af:22:ae:c4:86:5a:d3:ac:a6:92:02:8e:af:13:08:cb /etc/ssh/ssh_host_ecdsa_key.pub (ECDSA)
Creating SSH2 ED25519 key; this may take some time ...
256 a2:19:1c:ed:4f:ff:30:12:43:42:42:00:13:9d:9b:b0 /etc/ssh/ssh_host_ed25519_key.pub (ED25519)
root@sgp2-01:/etc/ssh# systemctl restart ssh

If the output of the reconfiguration is as expected, add an extra command to /etc/rc.local. This command (which runs last in the server's boot sequence) checks whether the host key can be found in the /etc/ssh/ directory; if it is not there, the server automatically runs dpkg-reconfigure.

root@sgp2-01:~# vim /etc/rc.local

# edit the file /etc/rc.local
# add this before exit 0
test -f /etc/ssh/ssh_host_dsa_key || dpkg-reconfigure openssh-server
exit 0
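
The rc.local line above tests only ssh_host_dsa_key, while the errors logged earlier were for the ECDSA and Ed25519 keys. As an added example (not part of the original gist), the check below walks every HostKey line in sshd_config and regenerates with ssh-keygen -A only when a key is missing, empty, or accessible by group or others. It assumes sshd_config lists its HostKey paths explicitly under /etc/ssh; the syslog tag hostkey-check is made up for illustration.

```shell
#!/bin/sh
# Added example, not part of the original gist.

# missing_host_keys [SSHD_CONFIG]
# Print "<path> <reason>" for each HostKey that sshd would fail to load.
missing_host_keys() {
    cfg=${1:-/etc/ssh/sshd_config}
    # Keywords are case-insensitive; commented-out lines have "#" in $1.
    awk 'tolower($1) == "hostkey" { print $2 }' "$cfg" |
    while read -r key; do
        if [ ! -s "$key" ]; then
            # absent or zero-length file
            echo "$key missing"
        elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
            # sshd rejects private keys accessible by group or others
            echo "$key permissions"
        fi
    done
}

# ensure_host_keys [SSHD_CONFIG]
# Call from /etc/rc.local before "exit 0" (runs as root).
ensure_host_keys() {
    bad=$(missing_host_keys "$@")
    [ -z "$bad" ] && return 0
    # Record why keys changed, so the warning clients will see can be explained.
    # "hostkey-check" is a hypothetical syslog tag.
    echo "$bad" | logger -t hostkey-check
    echo "$bad" | while read -r key reason; do
        case $reason in
            permissions) chmod 600 "$key" ;;
            # ssh-keygen -A skips files that exist, so clear empty leftovers
            missing) rm -f "$key" "$key.pub" ;;
        esac
    done
    ssh-keygen -A   # creates only the default key types that are absent
}
```
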

Update the host key recorded on the client side

Once the newly generated host keys are in use, clients will fail to log in to the server because the fingerprint of the server's host keys has changed. This is one of the safeguards applied automatically by the SSH protocol. To resolve it, remove the old host key entry from the 'known_hosts' file in the '~/.ssh' directory of the affected user.

RockIT:~ tj$ ssh usg2
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:u9+o5LiaZXqidtklOPfJIX9gFWDY+hcUHt1bSMfNQOk.
Please contact your system administrator.
Add correct host key in /Users/tj/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/tj/.ssh/known_hosts:17
ECDSA host key for [host]:1510 has changed and you have requested strict checking.
Host key verification failed.
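
One way to clear the warning without simply trusting whatever key the network offers, as an added example that is not part of the original gist: compare the offered key with a fingerprint read over a trusted channel, and only then replace the known_hosts entry. It assumes the expected fingerprint was read on the server itself (for example on the VPS console); the `MD5:` form covers the colon-separated hex fingerprints that the Debian 8 server prints in the dpkg-reconfigure output above.

```shell
#!/bin/sh
# Added example, not part of the original gist.
# Typical use on the client (HOST is a placeholder):
#   ssh-keyscan -t ecdsa -p 1510 HOST > scan.txt
#   replace_host_key '[HOST]:1510' scan.txt 'SHA256:<value read on the server>'

# scan_fingerprint FILE ALG
# Fingerprint of the key in a known_hosts-style file (one key expected).
scan_fingerprint() {
    ssh-keygen -l -E "$2" -f "$1" | awk '{ print $2 }'
}

# replace_host_key NAME SCAN_FILE EXPECTED_FP [KNOWN_HOSTS]
# NAME is the known_hosts host field, "[host]:port" for a non-default port.
replace_host_key() {
    name=$1 scan=$2 expected=$3 kh=${4:-$HOME/.ssh/known_hosts}
    # Pick the hash from the prefix of the expected fingerprint.
    case $expected in
        SHA256:*) alg=sha256 ;;
        MD5:*)    alg=md5 ;;   # legacy output of older ssh-keygen versions
        *) echo "fingerprint must start with SHA256: or MD5:" >&2; return 2 ;;
    esac
    actual=$(scan_fingerprint "$scan" "$alg") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "not updating $kh: offered $actual, expected $expected" >&2
        return 1
    fi
    # Drop the stale entry (ssh-keygen leaves a backup in $kh.old) ...
    ssh-keygen -R "$name" -f "$kh" >/dev/null 2>&1 || true
    # ... and pin the verified key; the scan line already carries NAME.
    cat "$scan" >> "$kh"
}
```
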

Related links
