1. Symptoms

Starting ssh on Ubuntu reports the following errors:

 * Starting OpenBSD Secure Shell server sshd
Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Could not load host key: /etc/ssh/ssh_host_ed25519_key


The errors say the host keys do not exist, and listing the directory confirms that they are missing:

root@maqianos:~# ll /etc/ssh/
total 552
drwxr-xr-x 1 root root   4096 May 21 22:41 ./
drwxr-xr-x 1 root root   4096 Sep 16 12:26 ../
-rw-r--r-- 1 root root 553122 Mar  4  2019 moduli
-rw-r--r-- 1 root root   1580 Mar  4  2019 ssh_config
-rw-r--r-- 1 root root    338 May 21 22:41 ssh_import_id
-rw-r--r-- 1 root root   3262 May 21 22:41 sshd_config

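Despite the errors, the startup message suggests the ssh service started successfully, and ps shows the process running.

However, clients cannot log in remotely; the connection attempt fails with: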

Connecting to 127.0.0.1:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.
Connection closing...Socket close.

Connection closed by foreign host.

Disconnected from remote host(127.0.0.1:22) at 10:13:57.

A Wireshark capture taken at the same time shows that the connection is closed by the server.

2. Solution

2.1 Generate rsa_key

Command:

ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key

Output:

Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /etc/ssh/ssh_host_rsa_key.
Your public key has been saved in /etc/ssh/ssh_host_rsa_key.pub.
The key fingerprint is:
SHA256:HCF6EzKhpOZAk6vDO1wABnPVtckUYoIOazXqEc9SgfA root@maqianos
The key's randomart image is:
+---[RSA 2048]----+
|*o=+Bo=.=.       |
|+@o= *.* +       |
|==E o o =        |
|=B.o . o .       |
|=.+     S        |
|oo .             |
|..o              |
| +               |
|  .              |
+----[SHA256]-----+

2.2 Generate ecdsa_key

Command:

ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key

Output:

Generating public/private ecdsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /etc/ssh/ssh_host_ecdsa_key.
Your public key has been saved in /etc/ssh/ssh_host_ecdsa_key.pub.
The key fingerprint is:
SHA256:XQ+3eH1AXF1TwFPH2/gll/CULXTmIpqHFdhLDvVGF5E root@maqianos
The key's randomart image is:
+---[ECDSA 256]---+
|           +o+=O^|
|          o o*=E*|
|           +=.X+=|
|         . *oBoO+|
|        S = o +++|
|           . .  o|
|                 |
|                 |
|                 |
+----[SHA256]-----+

2.3 Generate ed25519_key

Command:

ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key

Output:

Generating public/private ed25519 key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /etc/ssh/ssh_host_ed25519_key.
Your public key has been saved in /etc/ssh/ssh_host_ed25519_key.pub.
The key fingerprint is:
SHA256:St4uTjtl3HIt9DYyZhao2KNRQQthguqE2WJLYhSBHpU root@maqianos
The key's randomart image is:
+--[ED25519 256]--+
|.+=.=o.          |
|oo E ...         |
|=o.   .. .       |
|**.   . . o      |
|B..  +.oSo +     |
| o  oo+o= X =    |
|     o++.* = .   |
|    ..oo         |
|     .oo.        |
+----[SHA256]-----+

2.4 Restart ssh

Run /etc/init.d/sshd restart to restart the ssh service; no errors are reported.

Connecting with the client again now succeeds!

Last modified: September 16, 2019, 01:14 PM