Hello,
once ArubaOS-CX warning syslogging to HPE IMC via vrf mgmt (OoBM) was activated with:
logging ip-of-imc udp severity warning vrf mgmt include-auditable-events
we started receiving the Error "error: Could not load host key: /etc/ssh/ssh_host_dsa_key" from both VSX nodes' sshd daemons.
I checked and, actually, each VSX node has:
- ECDSA SSH host key
- ED25519 SSH host key
- RSA SSH Host key
so no DSA SSH Key at all.
The sshd_config has:
Aruba-8320-1:~$ grep -i hostkey /etc/ssh/sshd_config
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
and:
Aruba-8320-1:~$ /usr/sbin/sshd -T |grep hostkey
/etc/ssh/sshd_config line 111: Deprecated option UsePrivilegeSeparation
Could not load host key: /etc/ssh/ssh_host_rsa_key
Could not load host key: /etc/ssh/ssh_host_dsa_key
Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Could not load host key: /etc/ssh/ssh_host_ed25519_key
sshd: no hostkeys available -- exiting.
despite three SSH Keys reported above are available:
Aruba-8320-1:~$ ls -lah /etc/ssh/
total 580K
drwxr-xr-x 2 root root 240 Nov 6 11:58 .
drwxr-xr-x 67 root root 2.8K Nov 6 11:58 ..
-rw-r--r-- 1 root root 541K Sep 24 14:24 moduli
-rw-r--r-- 1 root root 1.8K Jan 11 15:32 ssh_config
-rw------- 1 root root 227 Nov 6 11:58 ssh_host_ecdsa_key
-rw-r--r-- 1 root root 171 Nov 6 11:58 ssh_host_ecdsa_key.pub
-rw------- 1 root root 399 Nov 6 11:58 ssh_host_ed25519_key
-rw-r--r-- 1 root root 91 Nov 6 11:58 ssh_host_ed25519_key.pub
-rw------- 1 root root 1.7K Nov 6 11:58 ssh_host_rsa_key
-rw-r--r-- 1 root root 391 Nov 6 11:58 ssh_host_rsa_key.pub
-rw-r--r-- 1 root root 3.8K Jan 11 15:32 sshd_config
-rw-r--r-- 1 root root 3.5K Oct 3 20:43 sshd_config_readonly
Any idea how to stop sshd making noise about this missing (DSA) Key?