# sshd won't start after squid crashed



## mbr661 (Jul 18, 2009)

Hello,

Running FBSD 7.1 with Squid, Portable-OpenSSH, and other apps.

Squid crashed a few days ago after running squid -k reconfigure. I got Squid working again, but now sshd won't start back up.

I can log in at the console, but cannot connect from a remote location.

When running /usr/local/sbin/sshd I get the following error:

```
Could not load host key: /usr/local/etc/ssh/ssh_host_rsa_key
Could not load host key: /usr/local/etc/ssh/ssh_host_dsa_key
Disabling protocol version 2. Could not load host key
sshd: no hostkey available -- exiting.
```

If I try /etc/rc.d/sshd start, I get the following error:

```
/etc/rc.d/sshd: WARNING: run_rc_command: cannot run /usr/sbin/sshd
```

I tried killall sshd just to make sure the service was not hanging, but still no love.

I've searched for an answer for a few days now with no luck. I also tried reinstalling OpenSSH, but that didn't do the trick either. Can anyone shed some light on what may be going on here?

Thanks in advance.


----------



## adamk (Jul 18, 2009)

Well do you have any host keys in /usr/local/etc/ssh/ ?

Adam


----------



## mbr661 (Jul 18, 2009)

Hello adamk,

I've never had them and sshd worked fine for months.  I understand the keys will be created when sshd starts.  I don't understand what changed when squid crashed???

mbr661


----------



## DutchDaemon (Jul 18, 2009)

Does `/etc/rc.d/sshd forcestart` or `/etc/rc.d/sshd onestart` work?
Or `/usr/local/etc/rc.d/sshd forcestart` or `/usr/local/etc/rc.d/sshd onestart` of course.


----------



## adamk (Jul 18, 2009)

My guess is that squid crashing, and sshd not working is more coincidence than causality.  Something happened that is now causing sshd to look for keys in a location they don't exist.  Whether they ever existed in that location, I do not know.  Why they don't exist now, I still don't know.

To my knowledge, sshd does not generate keys when they don't exist.  /etc/rc.d/sshd does, but, presumably, only for the sshd in the base system, not the portable version.

So I have two suggestions then.  Either generate new keys for /usr/local/etc/ssh for the portable openssh version, or run /usr/sbin/sshd in debug mode to see why that version won't run.


----------



## Voltar (Jul 18, 2009)

mbr661 said:

> When running /usr/local/sbin/sshd I get the following error:
> 
> ```
> Could not load host key: /usr/local/etc/ssh/ssh_host_rsa_key
> ...
> ```



Check /etc/ssh/sshd_config to see where you've specified the keyfiles are located. By default I believe the options are commented out, and the keys are stored in /etc/ssh/ not /usr/local/etc/ssh as in the output above. Try setting them back to the default or commenting them out, and then start sshd.


----------



## mbr661 (Jul 19, 2009)

Thank you for your reply.

DutchDaemon: no, the commands you suggested do not work. The first two: /etc/rc.d/sshd forcestart or /etc/rc.d/sshd onestart give me the same errors as before.  The second set just say "command not found".

Voltar: you are right the location of keys are commented out in sshd_config. Yet, I get the errors when trying to start sshd.

Am I having a conflict between the base ssh implementation (the one that comes with FreeBSD) and OpenSSH (the one I installed later)?

So, what happens with the original functionality of ssh when you install OpenSSH afterwards?  Have I been running the original service all this time and never really had OpenSSH running?

Is it possible to have both instances running at the same time?

I see these two directories with ssh:
/etc/ssh
/usr/local/etc/ssh

Only the first directory has keys in it, the second one doesn't. I'm going to try both of your suggestions and I will report back.


----------



## Voltar (Jul 19, 2009)

You know, I just realized there was a port of OpenSSH, which I cannot understand why. The version in the base system of 7.2 is 5.1p1 and the port looks to be 5.2p1, so unless there was a new feature in the minor version update it seems you could have stuck with the base daemon? 

My first thought would be to uninstall the port and go with the base sshd, but I checked the config for the port and it does have an option to overwrite the base install, so I don't know how that would work if you enabled that option.


----------



## mbr661 (Jul 19, 2009)

I'm getting all confused here.  This is what I see in my system:
/etc/ssh
/etc/ssh/sshd_config
/etc/ssh/rsa and dsa key files
/etc/rc.d/sshd

When I run /etc/rc.d/sshd onestart I get the error reported above

/usr/local/etc/ssh
/usr/local/etc/ssh/sshd_config
/usr/local/etc/ssh/rsa and dsa key files (I just created these)
/usr/local/etc/rc.d/openssh

When I run /usr/local/etc/rc.d/openssh onestart I get ERROR: sshd_enable is set. Please set sshd_enable to NO in your rc.conf

I only see one rc.conf and that is in /etc should I also have an rc.conf in /usr/local/etc???

Thanks in advance for your time on this


----------



## Voltar (Jul 19, 2009)

mbr661 said:

> I'm getting all confused here.  This is what I see in my system:
> /etc/ssh
> /etc/ssh/sshd_config
> /etc/ssh/rsa and dsa key files
> /etc/rc.d/sshd



That is for the base system daemon. 



> /usr/local/etc/ssh
> /usr/local/etc/ssh/sshd_config
> /usr/local/etc/ssh/rsa and dsa key files (I just created these)
> /usr/local/etc/rc.d/openssh
> ...



Those are for the port. Open up /etc/rc.conf and set sshd_enable="NO" to disable the base system daemon. Now run `# /usr/local/etc/rc.d/sshd rcvar` and make sure the rcvar that script requires (from grep'ing the makefile it looks like openssh_enable="YES") is in /etc/rc.conf. If that all looks good, you should be able to start your (port of) sshd with /usr/local/etc/rc.d/sshd start


Sorry for the confusion, but I believe that should work. 






> I only see one rc.conf and that is in /etc should I also have an rc.conf in /usr/local/etc???


 Only in /etc in my experience.


----------



## mbr661 (Jul 19, 2009)

OK, so I changed /etc/rc.conf to sshd_enable="NO"

Then I run /usr/local/etc/rc.d/openssh onestart and it tells me that it could not load host key, that no host key is available at /usr/local/etc/ssh even though I know the new keys are there.

Is this a permissions issue now?  What permissions should these keys have?

Thanks


----------



## mbr661 (Jul 19, 2009)

When I run # /usr/local/etc/rc.d/sshd rcvar I get a "command not found"

I added openssh_enable="YES" to rc.conf

I also tried /usr/local/etc/rc.d/sshd start and also got "command not found"


----------



## Voltar (Jul 19, 2009)

ssh_host_dsa_key, ssh_host_key, and ssh_host_rsa_key should be chmod 600, the .pub of the aforementioned files should be 644.

Also, double check the config for the HostKey and make sure it says something like "HostKey /usr/local/etc/ssh/ssh_host_dsa_key".


----------
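The two checks from the post above (which host key files the daemon will look for, and whether their modes are 600 and 644), as an added shell example that is not part of the original thread. It assumes that when every HostKey line is commented out the daemon falls back to ssh_host_rsa_key and ssh_host_dsa_key in the directory given as the second argument; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the host keys one sshd instance will try to load.
# Usage: sh check_hostkeys.sh /usr/local/etc/ssh/sshd_config /usr/local/etc/ssh

# Print a file's octal mode; try GNU stat first, then BSD stat.
file_mode() {
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# List the key paths to check: active HostKey lines from the config, or
# (assumption) the rsa/dsa defaults in DEFAULT_DIR when none are active.
# Paths containing spaces are not handled.
hostkey_paths() {
    keys=$(awk 'tolower($1) == "hostkey" { print $2 }' "$1")
    if [ -z "$keys" ]; then
        keys="$2/ssh_host_rsa_key $2/ssh_host_dsa_key"
    fi
    echo "$keys"
}

# Report each problem on stdout; return 0 only if every key passes.
check_hostkeys() {
    bad=0
    for key in $(hostkey_paths "$1" "$2"); do
        if [ ! -f "$key" ]; then
            echo "MISSING $key"; bad=1; continue
        fi
        [ -s "$key" ] || { echo "EMPTY $key"; bad=1; }
        mode=$(file_mode "$key")
        # A private key must grant nothing to group or other.
        case "$mode" in
            600|400) ;;
            *) echo "MODE $mode $key (want 600)"; bad=1 ;;
        esac
        # Check the public half only if it is present.
        if [ -f "$key.pub" ] && [ "$(file_mode "$key.pub")" != 644 ]; then
            echo "MODE $(file_mode "$key.pub") $key.pub (want 644)"; bad=1
        fi
    done
    return $bad
}

# Run the audit only when called with a config path and a default directory.
if [ "$#" -eq 2 ]; then
    check_hostkeys "$1" "$2"
fi
```

Run it once per daemon, since the base system and the port each have their own sshd_config and key directory.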



## Voltar (Jul 19, 2009)

mbr661 said:

> When I run # /usr/local/etc/rc.d/sshd rcvar I get a "command not found"
> 
> I added openssh_enable="YES" to rc.conf
> 
> I also tried /usr/local/etc/rc.d/sshd start and also got "command not found"



That may be my bad, the port is called openssh, not sshd.


----------



## mbr661 (Jul 19, 2009)

Yeah I noticed that and ran it with openssh, but it still tells me that the keys are not available.

I don't need to reboot for rc.conf to see the changes, do I?

Or, do you think it may be a permission issue on the key files? They have permissions of 600 for private and 644 for public.


----------



## DutchDaemon (Jul 19, 2009)

Note that there's unlikely to be any `*ssh_enable`, but rather `*sshd_enable`. Note also that there are two rc.conf files, the one in /etc/defaults/rc.conf, and the one in /etc/rc.conf. The latter contains additions to and/or overrides of /etc/defaults/rc.conf. All daemons started from /etc/rc.d/* and /usr/local/etc/rc.d/* are started from one of the two rc.conf files.


----------



## mbr661 (Jul 19, 2009)

Voila, it works! 

I deleted the newly created keys and reran /usr/local/etc/rc.d/openssh onestart.

It created new keys and started the service. For some reason it did not like the keys I created yesterday.  I can now connect remotely using PuTTY.

Thanks a bunch for helping me sort this thing out.


----------

