Solved ssh passwordless authentication error

fred974

fred974

Hello,

I am trying set up a set of ssh passwordless authentication key inside my FreeBSD 10 Jail.

When I run ssh-keygen -b 4096 -f ~/.ssh/id_rsa4096_2015 -C admin@FreeBSD-Host, I get the following error message after I confirm my password:
Code: 
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Segmentation fault (core dumped)
Inside my ~/.ssh directory,a file called ssh-keygen.core has been generated.
sa ssh-keygen.core
Code: 
 sa: error reading ssh-keygen.core: Inappropriate file type or format
3  0.000re  68.71cp  0avio  5k
  2  0.000re  68.69cp  0avio  5k  ?
  1  0.000re  0.02cp  0avio  0k  ***other
Also when I sudo service sshd start, I get
Code: 
Performing sanity check on sshd configuration.
Could not load host key: /etc/ssh/ssh_host_ed25519_key
Starting sshd.
Could not load host key: /etc/ssh/ssh_host_ed25519_key
Could anyone help me here please?

Thank you
Fred
 
Try ssh-keygen -A - should generate a missing key. But I guess it has something to do with configuration of the jail.
 
ssh-keygen -A did not resolved the error message:
Code: 
Could not load host key: /etc/ssh/ssh_host_ed25519_key
Any idea in wish part of the jail configuration I need to investigate?
 
For enabling ed25519 cipher you need to edit /etc/rc.d/sshd. That's what I have there for using rsa and ed25519 only:

Code: 
#: ${sshd_rsa1_enable:="no"}
: ${sshd_rsa_enable:="yes"}
#: ${sshd_dsa_enable:="no"}
#: ${sshd_ecdsa_enable:="no"}
: ${sshd_ed25519_enable:="yes"}
----
sshd_keygen()
{
#	sshd_keygen_alg rsa1
	sshd_keygen_alg rsa
#	sshd_keygen_alg dsa
#	sshd_keygen_alg ecdsa
	sshd_keygen_alg ed25519
}
It does enable ed25519 and generate missing server keys. You might want to delete unused keys (i.e. those with weak ciphers) also.

If I remember it well a line has to be added to /etc/ssh/sshd_config:
Code: 
HostKey /etc/ssh/ssh_host_ed25519_key
 
getopt said:
If I remember it well a line has to be added to /etc/ssh/sshd_config:
Code: 
HostKey /etc/ssh/ssh_host_ed25519_key
Click to expand...
It's loaded by default, if I'm not mistaken.

But as far as I know, as long as you don't use ed25519 based keys, the host key isn't needed.
 
Thank you getopt ,

I noticed that my /etc/rc.d/sshd hasn't been updated for some reason.
It still had the release/10.0.0/ file instead of the releng/10.1

I guess the jail didn't get updated correctly:(

All sorted now
 
You must log in or register to reply here.
Back
Top