Hi,

I just compiled the latest incarnation of OpenSSH (2.5.1), and installed it. When I tried to start the daemon, it gave the following warning:

Could not load server key. Disabling 2.0 protocol.

This message is not verbatim, as I don't remember the exact message, and I am physically away from my box. This was also not logged in the logfiles. I have not seen this with 2.3.0 I was using before. Why is this? And how to fix it?

As a side note to everyone: Why wait for SuSE to build an RPM when you can compile and install it from source? I have not used SuSE RPMs for OpenSSH at all and always compiled it myself since the beginning.

Thanks for reading.

Cheers,
-- Nadeem Hasan nhasan@nadmm.com http://www.nadmm.com/
Hi,
I just compiled the latest incarnation of OpenSSH (2.5.1), and installed it. When I tried to start the daemon, it gave the following warning:
Could not load server key. Disabling 2.0 protocol.
I got a similar thing. For some reason, the build process isn't respecting the --sysconfdir configure option. Watch (warning: long script):

Script started on Wed Feb 21 14:13:27 2001
root@ws:/usr/src/openssh-2.5.1p1> make clean
[snip]
root@ws:/usr/src/openssh-2.5.1p1> ./configure --prefix=/usr/local --sysconfdir=/etc/ssh --with-tcp-wrappers --with-pam --with-ipv4-default
[snip]
OpenSSH configured has been configured with the following options.
User binaries: /usr/local/bin
System binaries: /usr/local/sbin
Configuration files: /etc/ssh
Askpass program: /usr/local/libexec/ssh-askpass
Manual pages: /usr/local/man/manX
PID file: /var/run
Random number collection: Device (/dev/urandom)
Manpage format: man
PAM support: yes
KerberosIV support: no
AFS support: no
S/KEY support: no
TCP Wrappers support: yes
MD5 password support: no
IP address in $DISPLAY hack: no
Use IPv4 by default hack: yes
Translate v4 in v6 hack: yes
Host: i686-pc-linux-gnu
Compiler: gcc
Compiler flags: -g -O2 -Wall
Preprocessor flags: -I/usr/local/include -I/usr/local/include
Linker flags: -L/usr/local/lib -L/usr/local/lib
Libraries: -lpam -ldl -lwrap -lz -lnsl -lutil -lcrypto

PAM is enabled. You may need to install a PAM control file for sshd, otherwise password authentication may fail. Example PAM control files can be found in the contrib/ subdirectory

root@ws:/usr/src/openssh-2.5.1p1> make #works correctly
root@ws:/usr/src/openssh-2.5.1p1> make install #works correctly
root@ws:/usr/src/openssh-2.5.1p1> date
Wed Feb 21 14:16:04 PST 2001
root@ws:/usr/src/openssh-2.5.1p1> ls -l /usr/local/sbin/sshd
-rwxr-xr-x 1 root root 664028 Feb 21 14:15 /usr/local/sbin/sshd*
root@ws:/usr/src/openssh-2.5.1p1> ls -l /etc/ssh/
total 60
-rw-r--r-- 1 root root 26287 Feb 21 13:50 primes
-rw-r--r-- 1 root root 880 Feb 21 13:50 ssh_config
-rw------- 1 root root 668 Feb 9 11:25 ssh_host_dsa_key
-rw-r--r-- 1 root root 597 Feb 9 11:25 ssh_host_dsa_key.pub
-rw------- 1 root root 522 Feb 9 11:25 ssh_host_key
-rw-r--r-- 1 root root 326 Feb 9 11:25 ssh_host_key.pub
-rw------- 1 root root 887 Feb 21 13:50 ssh_host_rsa_key
-rw-r--r-- 1 root root 217 Feb 21 13:50 ssh_host_rsa_key.pub
-rw-r--r-- 1 root root 628 Feb 21 13:50 sshd_config
root@ws:/usr/src/openssh-2.5.1p1> /usr/local/sbin/sshd
/usr/local/etc/ssh_host_key: No such file or directory
error: Could not load host key: /usr/local/etc/ssh_host_key: No such file or directory
Disabling protocol version 1. Could not load host key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.
root@ws:/usr/src/openssh-2.5.1p1> sshd --version
sshd: invalid option -- -
sshd version OpenSSH_2.5.1p1
Usage: sshd [options]
Options:
-f file Configuration file (default /etc/ssh/sshd_config)
-d Debugging mode (multiple -d means more debugging)
-i Started from inetd
-D Do not fork into daemon mode
-q Quiet (no logging)
-p port Listen on the specified port (default: 22)
-k seconds Regenerate server key every this many seconds (default: 3600)
-g seconds Grace period for authentication (default: 600)
-b bits Size of server RSA key (default: 768 bits)
-h file File from which to read host key (default: /etc/ssh/ssh_host_key)
-u len Maximum hostname length for utmp recording
-4 Use IPv4 only
-6 Use IPv6 only
root@ws:/usr/src/openssh-2.5.1p1> exit
exit
----

Look at the -h flag above. It says the default is /etc/ssh/ssh_host_key, but when the program tries to run, it looks for it in /usr/local/etc...I can always symlink it to get it to run, but this has to be a bug...can anyone else confirm before I send it in?

-- Jeremy [jeremy@wellsgaming.com]
On Wed, Feb 21, 2001 at 02:33:35PM -0800, Jeremy Buchmann wrote:
I got a similar thing. For some reason, the build process isn't respecting the --sysconfdir configure option. Watch (warning: long script):
You omit the most significant information: the contents of your sshd_config file.
root@ws:/usr/src/openssh-2.5.1p1> ./configure --prefix=/usr/local --sysconfdir=/etc/ssh --with-tcp-wrappers --with-pam --with-ipv4-default
[logs for sysconf is /etc/ssh removed]
root@ws:/usr/src/openssh-2.5.1p1> date
Wed Feb 21 14:16:04 PST 2001
root@ws:/usr/src/openssh-2.5.1p1> ls -l /usr/local/sbin/sshd
-rwxr-xr-x 1 root root 664028 Feb 21 14:15 /usr/local/sbin/sshd*
root@ws:/usr/src/openssh-2.5.1p1> ls -l /etc/ssh/
total 60
-rw-r--r-- 1 root root 26287 Feb 21 13:50 primes
-rw-r--r-- 1 root root 880 Feb 21 13:50 ssh_config
-rw------- 1 root root 668 Feb 9 11:25 ssh_host_dsa_key
-rw-r--r-- 1 root root 597 Feb 9 11:25 ssh_host_dsa_key.pub
-rw------- 1 root root 522 Feb 9 11:25 ssh_host_key
-rw-r--r-- 1 root root 326 Feb 9 11:25 ssh_host_key.pub
-rw------- 1 root root 887 Feb 21 13:50 ssh_host_rsa_key
-rw-r--r-- 1 root root 217 Feb 21 13:50 ssh_host_rsa_key.pub
-rw-r--r-- 1 root root 628 Feb 21 13:50 sshd_config
At this point your sshd_config is dated 13:50 and your sshd is dated 14:15. sshd_config was not overwritten by make install (that's a good idea of install to take care of already installed configurations).
root@ws:/usr/src/openssh-2.5.1p1> /usr/local/sbin/sshd
/usr/local/etc/ssh_host_key: No such file or directory
error: Could not load host key: /usr/local/etc/ssh_host_key: No such file or directory
Disabling protocol version 1. Could not load host key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.

Please make sure that you don't have these paths configured in the config file.
Best regards, Lutz -- Lutz Jaenicke Lutz.Jaenicke@aet.TU-Cottbus.DE BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
On Wed, Feb 21, 2001 at 02:33:35PM -0800, Jeremy Buchmann wrote:
I got a similar thing. For some reason, the build process isn't respecting the --sysconfdir configure option. Watch (warning: long script):
You omit the most significant information: the contents of your sshd_config file.
Sheesh...you'd think after rtfm for an hour, I would have picked up on that...ha ha ha. However, I figured out the answer to the first guy's problem: SSH2 apparently doesn't use the same host key file, so you have to have two HostKey entries in sshd_config...one points to ssh_host_key and the other (for SSH2) points to ssh_host_rsa_key or ssh_host_dsa_key. At least, this is what the man page says and I'm not getting that error anymore. -- Jeremy [jeremy@wellsgaming.com]
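The check that Lutz's and Jeremy's replies above come down to (which HostKey paths does the sshd_config actually name, and are those files there), as an added shell example that is not part of the thread or of OpenSSH. The function names, status words and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. All paths and file contents below are
# constructed stand-ins; nothing here touches the real /etc/ssh.

# Print "STATUS path" for each HostKey directive in the sshd_config given as $1.
# Returns 0 only if at least one HostKey is set and every key file is usable.
check_hostkeys() {
    cfg=$1 rc=0 found=0
    # Keywords are case-insensitive; "#" lines never match the pattern below.
    while read -r kw path _rest || [ -n "$kw" ]; do
        case $kw in
            [Hh][Oo][Ss][Tt][Kk][Ee][Yy]) found=1 ;;
            *) continue ;;
        esac
        if [ ! -f "$path" ]; then
            echo "MISSING $path"; rc=1
        elif [ "$(ls -ld "$path" | cut -c5-10)" != "------" ]; then
            echo "LOOSE_PERMS $path"; rc=1   # private key open to group/other
        else
            echo "OK $path"
        fi
    done < "$cfg"
    [ "$found" -eq 1 ] || { echo "NO_HOSTKEY $cfg"; rc=1; }
    return "$rc"
}

# Build a constructed tree: keys live in etc/ssh, but an older sshd_config
# still names usr/local/etc (the situation Lutz's reply points at).
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/ssh"
    for k in ssh_host_key ssh_host_dsa_key; do
        echo "constructed placeholder, not a key" > "$d/etc/ssh/$k"
        chmod 600 "$d/etc/ssh/$k"
    done
    printf '# stale\nHostKey %s/usr/local/etc/ssh_host_key\n' "$d" > "$d/stale_config"
    # One entry for the protocol 1 key, one for a protocol 2 key.
    printf 'HostKey %s/etc/ssh/ssh_host_key\nhostkey %s/etc/ssh/ssh_host_dsa_key\n' \
        "$d" "$d" > "$d/fixed_config"
    echo "$d"
}

d=$(make_sample)
check_hostkeys "$d/stale_config" || echo "stale config: no usable host key"
check_hostkeys "$d/fixed_config" && echo "fixed config: all host keys present"
rm -rf "$d"
```

Against a real installation, pass the config file the daemon actually reads (the `-f` default shown in the usage output above) as the argument to `check_hostkeys`.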
On Wed, 21 Feb 2001, Nadeem Hasan wrote:
Why wait for SuSE to build an RPM when you can compile and install it from source? I have not used SuSE RPMs for OpenSSH at all and always compiled it myself since the beginning.

Because you ruin your system ... it works fine until you update your distribution. you will have packages with same/older/newer versions in different directories (/usr, /usr/local) and if you don't clean up (which is _really_ hard with self compiled things) you will have lots of problems (wrong library versions, ...)

RPM's are one of the reasons why linux is so stable and upgradeable and running for years ...

btw, there is a tool which monitors a "make install" and puts all filenames installed into a file ... this way you can at least remove self-compiled programs if you think about it before installing ...

bye
Markus
-- _____________________________ /"\ Markus Gaugusch ICQ 11374583 \ / ASCII Ribbon Campaign markus@gaugusch.dhs.org X Against HTML Mail / \
btw, there is a tool which monitors a "make install" and puts all filenames installed into a file ... this way you can at least remove self-compiled programs if you think about it before installing ...
two actually:

installwatch

installwatch monitors what a program does, and logs any changes it makes to the system to syslog. It's similar to the "time" program in that it runs the program in a wrapped form so that it can monitor what happens, you run the program as "installwatch /usr/src/something/make" for example (optionally you can use the "-o filename" to log to a specific file). installwatch is available from: http://datanord.datanord.it/~pdemauro/installwatch/.

instmon

instmon is run before and after you install a tarball / tgz package (or any package for that matter). It generates a list of files changed that you can later use to undo any changes. It is available from: http://hal.csd.auth.gr/~vvas/instmon/.
bye Markus
Kurt Seifried, seifried@securityportal.com Securityportal - your focal point for security on the 'net
On Thu, Feb 22, 2001 at 12:13:35AM -0700, Kurt Seifried wrote:
two actually:
installwatch http://datanord.datanord.it/~pdemauro/installwatch/.

The requested URL /~pdemauro/installwatch/ was not found on this server.

The link from the instmon page http://dnm.dnm.it/~pdemauro/installwatch/ produces

The requested URL /~pdemauro/installwatch/ was not found on this server.

http://www.linuxberg.com/conhtml/adnload/8335_35424.html produces the 0.5.5 version rpm

Any other page? freshmeat and sourceforge do not find anything about installwatch

Thanks.
Frank
What is the name of that tool ?

-----Original Message-----
From: Markus Gaugusch [mailto:markus@gaugusch.dhs.org]
Sent: Thursday, 22 February 2001 07:54
Cc: SuSE Security
Subject: Re: [suse-security] OpenSSH 2.5.1p1 and server key

On Wed, 21 Feb 2001, Nadeem Hasan wrote:
Why wait for SuSE to build an RPM when you can compile and install it from source? I have not used SuSE RPMs for OpenSSH at all and always compiled it myself since the beginning.

Because you ruin your system ... it works fine until you update your distribution. you will have packages with same/older/newer versions in different directories (/usr, /usr/local) and if you don't clean up (which is _really_ hard with self compiled things) you will have lots of problems (wrong library versions, ...)

RPM's are one of the reasons why linux is so stable and upgradeable and running for years ...

btw, there is a tool which monitors a "make install" and puts all filenames installed into a file ... this way you can at least remove self-compiled programs if you think about it before installing ...

bye
Markus
-- _____________________________ /"\ Markus Gaugusch ICQ 11374583 \ / ASCII Ribbon Campaign markus@gaugusch.dhs.org X Against HTML Mail / \
What is the name of that tool ?

The tool i'm actually using is called "FileTrace" or "ftrace" and can be found on http://software.senko.net/

-----Original Message-----
From: Markus Gaugusch [mailto:markus@gaugusch.dhs.org]
Sent: Thursday, 22 February 2001 07:54
Cc: SuSE Security
Subject: Re: [suse-security] OpenSSH 2.5.1p1 and server key

You may want to remove fullquotes and change your mail client to use "Re" instead of "AW"
thank you Markus -- _____________________________ /"\ Markus Gaugusch ICQ 11374583 \ / ASCII Ribbon Campaign markus@gaugusch.dhs.org X Against HTML Mail / \
* Markus Gaugusch
On Wed, 21 Feb 2001, Nadeem Hasan wrote:
Why wait for SuSE to build an RPM when you can compile and install it from source? I have not used SuSE RPMs for OpenSSH at all and always compiled it myself since the beginning.

Because you ruin your system ... it works fine until you update your distribution. you will have packages with same/older/newer versions in different directories (/usr, /usr/local) and if you don't clean up (which is _really_ hard with self compiled things) you will have lots of problems (wrong library versions, ...)

RPM's are one of the reasons why linux is so stable and upgradeable and running for years ...
have you tried this approach:
1) make from source
2) built rpm out of make
3) install that rpm.

Of course, this only works if there are rpm specs floating around.

Gerhard, <@jasongeo.com> == The Acoustic Motorbiker ==
-- __O If your watch is wound, wound to run, it will =`\<, If your time is due, due to come, it will (=)/(=) Living this life, is like trying to learn latin in a chines firedrill
have you tried this approach:
1) make from source

i always build as user, not root, so this is no problem

2) built rpm out of make

without spec? i don't know how to create spec files (especially for unknown applications with unknown file structure ...)

3) install that rpm.

hey, really? ;-)

Of course, this only works if there are rpm specs floating around.

a very rare case :(
Markus -- _____________________________ /"\ Markus Gaugusch ICQ 11374583 \ / ASCII Ribbon Campaign markus@gaugusch.dhs.org X Against HTML Mail / \
participants (8)
- Frank Derichsweiler
- Gerhard den Hollander
- Jeremy Buchmann
- Kurt Seifried
- Lutz Jaenicke
- Markus Gaugusch
- Nadeem Hasan
- Peter Bethke Test