Sshd -t gives sshd: no hostkeys available -- exiting

dodgypast · April 30, 2020, 11:16am

Sorry, it’s me again. Trying to set up ssh.

I’ve run ssh-keygen -A

I’ve tried restarting the service sudo systemctl restart sshd.service

Not really sure what to do next.

Bryanpwo · April 30, 2020, 11:31am

Can you get in the service with ssh followed by username and servername?

dodgypast · April 30, 2020, 11:58am

If I do ssh arch then it works from the terminal.

But testing it still brings up the same error, and I cannot log in from another machine. When I try I get a permission denied error after entering the password.

If I try ssh root@arch I get Permission denied, please try again. when I enter the password.

Bryanpwo · April 30, 2020, 12:39pm

To be clear, you are trying to reach a (home)server and you can’t get in with another device?

Are you sure you’ve got password enabled on the server?

dodgypast · April 30, 2020, 1:20pm

Here’s my sshd_config:

#	$OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile	.ssh/authorized_keys

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes

# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no # pam does that
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem	sftp	/usr/lib/ssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#	X11Forwarding no
#	AllowTcpForwarding no
#	PermitTTY no
#	ForceCommand cvs server

Though now I’m getting:
[duncanm@Arch ~]$ ssh arch
ssh: connect to host arch port 22: Connection refused

SGS · April 30, 2020, 1:35pm

pc = md, user on md = sgs

ssh sgs@md

Bryanpwo · April 30, 2020, 1:42pm

Shouldn’t be there a line to allow users to login?

It doesn’t matter where you put it but type this somewhere ( I have it under #ListenAddress : : with a space underneath it)

AllowUsers duncanm

Then close with Ctrl x

dodgypast · April 30, 2020, 2:02pm

Just tried that.

Think I might have broken something else since I’m getting:

[duncanm@Arch ~]$ ssh duncanm@Arch
ssh: connect to host arch port 22: Connection refused

Bryanpwo · April 30, 2020, 2:03pm

Did you create a keygen on that machine?

dodgypast · April 30, 2020, 2:40pm

I’ve run ssh-keygen -A if that’s what you mean.

ricklinux · April 30, 2020, 2:42pm

When you installed it and started it did you also enable the service?

sudo systemctl enable ssh

Bryanpwo · April 30, 2020, 2:43pm

What meant is create keygen on the remote device. But @ricklinux also has a valid point.

dodgypast · April 30, 2020, 2:51pm

well fixed the problem with ssh: connect to host arch port 22: Connection refused , ricklinux was right, the service had stopped being enabled.

Now that’s fixed it seems that AllowUsers duncanm fixed the initial problem as I can now log in from a remote machine.

\o/ Thank you so much for your patience.