Wired

last person joined: 2 hours ago 

Bring performance and reliability to your network with the Aruba Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of the ArubaOS-Switch and ArubaOS-CX devices, and find ways to improve security across your network to bring together a mobile first solution.
Expand all | Collapse all

ArubaOS-CX 10.01: "Could not load host key: /etc/ssh/ssh_host_dsa_key" error

Jump to Best Answer
  • 1.  ArubaOS-CX 10.01: "Could not load host key: /etc/ssh/ssh_host_dsa_key" error

    Posted Jan 14, 2019 05:18 AM

    Hello,

    once ArubaOS-CX warning syslogging to HPE IMC via vrf mgmt (OoBM) was activated with:

     

    logging ip-of-imc udp severity warning vrf mgmt include-auditable-events

    we started receiving the Error "error: Could not load host key: /etc/ssh/ssh_host_dsa_key" from both VSX nodes' sshd daemons.

     

    I checked and, actually, each VSX node has:

     

    • ECDSA SSH host key
    • ED25519 SSH host key
    • RSA SSH Host key

    so no DSA SSH Key at all.

     

    The sshd_config has:

     

    Aruba-8320-1:~$ grep -i hostkey /etc/ssh/sshd_config
    # HostKey for protocol version 1
    #HostKey /etc/ssh/ssh_host_key
    # HostKeys for protocol version 2
    #HostKey /etc/ssh/ssh_host_rsa_key
    #HostKey /etc/ssh/ssh_host_dsa_key
    #HostKey /etc/ssh/ssh_host_ecdsa_key
    #HostKey /etc/ssh/ssh_host_ed25519_key

    and:

     

    Aruba-8320-1:~$ /usr/sbin/sshd -T |grep hostkey
    /etc/ssh/sshd_config line 111: Deprecated option UsePrivilegeSeparation
    Could not load host key: /etc/ssh/ssh_host_rsa_key
    Could not load host key: /etc/ssh/ssh_host_dsa_key
    Could not load host key: /etc/ssh/ssh_host_ecdsa_key
    Could not load host key: /etc/ssh/ssh_host_ed25519_key
    sshd: no hostkeys available -- exiting.

    despite three SSH Keys reported above are available:

     

    Aruba-8320-1:~$ ls -lah /etc/ssh/
    total 580K
    drwxr-xr-x  2 root root  240 Nov  6 11:58 .
    drwxr-xr-x 67 root root 2.8K Nov  6 11:58 ..
    -rw-r--r--  1 root root 541K Sep 24 14:24 moduli
    -rw-r--r--  1 root root 1.8K Jan 11 15:32 ssh_config
    -rw-------  1 root root  227 Nov  6 11:58 ssh_host_ecdsa_key
    -rw-r--r--  1 root root  171 Nov  6 11:58 ssh_host_ecdsa_key.pub
    -rw-------  1 root root  399 Nov  6 11:58 ssh_host_ed25519_key
    -rw-r--r--  1 root root   91 Nov  6 11:58 ssh_host_ed25519_key.pub
    -rw-------  1 root root 1.7K Nov  6 11:58 ssh_host_rsa_key
    -rw-r--r--  1 root root  391 Nov  6 11:58 ssh_host_rsa_key.pub
    -rw-r--r--  1 root root 3.8K Jan 11 15:32 sshd_config
    -rw-r--r--  1 root root 3.5K Oct  3 20:43 sshd_config_readonly

     Any idea how to stop sshd making noise about this missing (DSA) Key?



  • 2.  RE: ArubaOS-CX 10.01: "Could not load host key: /etc/ssh/ssh_host_dsa_key" error

    Posted Jan 14, 2019 05:24 AM

    Let we see if (via start-shell) a:

     

    Aruba-8320-1:~$ sudo /usr/bin/ssh-keygen -A
    ssh-keygen: generating new host keys: DSA

    does the trick (I suspect related sshd.service needs to be restarted then).

     

    I'm not totally sure that manually generating missing SSH Key is the correct way to fix the Error syslog message we receive...probably - I presume - acting on sshd_config file would be the correct way to proceed.

     

    The generated ssh_host_dsa_key.pub file ends with root@Aruba-8320-1 (which is the actual VSX Member hostname assigned to this Aruba 8320 node): I notice that - instead - three existing Host Keys were generated (automatically) as root@8320 (so when the Aruba 8320 was running with its default configuration). Should these three keys need to be (re)generated?



  • 3.  RE: ArubaOS-CX 10.01: "Could not load host key: /etc/ssh/ssh_host_dsa_key" error

    Posted Jan 22, 2019 06:40 AM

    After a week I can say that, of our VSX, only the Aruba-8320-2 node still reports to IMC two errors in a row:Aruba_8320_VSX_DSA_Key_Error_on_Secondary_Node_22012019.pngAruba-8320-1 became silent (no more Errors).



  • 4.  RE: ArubaOS-CX 10.01: "Could not load host key: /etc/ssh/ssh_host_dsa_key" error

    Posted Jan 23, 2019 06:05 AM

    Why that is happening? Is manual DSA Key generation from shell correct?



  • 5.  RE: ArubaOS-CX 10.01: "Could not load host key: /etc/ssh/ssh_host_dsa_key" error

    Posted Jan 29, 2019 08:22 AM

    Any idea?



  • 6.  RE: ArubaOS-CX 10.01: "Could not load host key: /etc/ssh/ssh_host_dsa_key" error

    Posted Feb 03, 2019 04:31 AM

    ask TAC ?



  • 7.  RE: ArubaOS-CX 10.01: "Could not load host key: /etc/ssh/ssh_host_dsa_key" error

    Posted Feb 08, 2019 08:41 AM

    Just for reference, opened Case Id 5336201687 on HPE Networking Portal.



  • 8.  RE: ArubaOS-CX 10.01: "Could not load host key: /etc/ssh/ssh_host_dsa_key" error

    Posted Feb 20, 2019 08:48 AM

    get a reply ?



  • 9.  RE: ArubaOS-CX 10.01: "Could not load host key: /etc/ssh/ssh_host_dsa_key" error

    Posted Feb 20, 2019 10:04 AM

    Hi Alexis, yes...Aruba ERT was able to reproduce the issue.

     

    As workaround they suggested me to use the method I initially described above to quiet remaining Error logs generated by Node 1.

     

    Alteratively the update of ArubaOS-CX to latest 10.02.0010 should fix this strange behaviour because SSH config on that built was modified.



  • 10.  RE: ArubaOS-CX 10.01: "Could not load host key: /etc/ssh/ssh_host_dsa_key" error
    Best Answer

    Posted Mar 13, 2019 06:19 AM

    The issue has been fixed with the VSX upgrade to ArubaOS-CX 10.02.0010.