I’m doing an authenticated scan with ssh credentials and I discovered that I am missing some hosts.
I discovered on the hosts not reported that I see some connections but I have the following error message:
sshd: error: Could not load host key: /etc/ssh/ssh_host_dsa_key
I can solve the issue by creating the key pair but I’d prefer not to. (Security issue and I have many hosts.) Moreover, where the scan succeeded, the key pair isn’t there either.
I also tried to check the option “allow insecure use” but it didn’t change the outcome. I’m running out of ideas.
OpenSSH_9.0p1 Debian-1+b1, OpenSSL 3.0.5 5 Jul 2022
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017 (RedHat)
September 28, 2022, 7:56am
Could not load host key: /etc/ssh/ssh_host_dsa_key
Error on scanner or on scanner host? Sounds like a br0ken setup on host?
Is that file missing from host?
The error appears on the scanned host but not all of them. The error is right, the file is missing and if I create the file it works but that’s not really a valid solution. I would like to know why it wants to use this key pair and how I can change it.
September 28, 2022, 8:42am
@mellymello it means that hostkey(s) are missing from scanned host.
You need to regenerate them on host or remove missing keys from sshd configuration. This might be related to host upgrade.
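One way to find which configured host keys are absent before editing the sshd configuration, as the reply above suggests; this is an added example, not part of the thread. The function names, the ROOT parameter and the sample config are constructed for illustration, and only whitespace-separated HostKey lines in a single config file are handled (no Include files, no built-in defaults).

```shell
#!/bin/sh
# missing_hostkeys CONFIG [ROOT]
# Print every HostKey path named in CONFIG whose file does not exist.
# ROOT is a hypothetical helper parameter: a prefix for checking a copied
# filesystem tree. Leave it empty to check the live filesystem.
missing_hostkeys() {
    config=$1
    root=${2:-}
    # sshd_config keywords are case-insensitive; commented-out lines have
    # "#" or "#HostKey" as their first field and are therefore skipped.
    awk 'tolower($1) == "hostkey" && $2 != "" { print $2 }' "$config" |
    while IFS= read -r key; do
        [ -e "${root}${key}" ] || printf '%s\n' "$key"
    done
}

# Demo on a constructed tree: three keys are configured, the DSA file is absent.
demo_missing_hostkeys() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/etc/ssh"
    cat > "$tmp/etc/ssh/sshd_config" <<'EOF'
# constructed sample config, not taken from any host in the thread
HostKey /etc/ssh/ssh_host_rsa_key
hostkey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
EOF
    : > "$tmp/etc/ssh/ssh_host_rsa_key"
    : > "$tmp/etc/ssh/ssh_host_ed25519_key"
    missing_hostkeys "$tmp/etc/ssh/sshd_config" "$tmp"
    rm -rf "$tmp"
}
```

On a real host, run missing_hostkeys /etc/ssh/sshd_config as a user that can read the config; each path printed is a HostKey entry to remove from the configuration or regenerate.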
September 28, 2022, 2:00pm
A successful login via SSH at a target depends on a few things:
A default SSH configuration on which some hints are given in 10 Scanning a System — Greenbone Enterprise Appliance 22.04.2 documentation
https://www.libssh.org version used on the scanner host which is compatible / able to communicate with the SSH server running on the target host
The scanner is using libssh for the SSH login
If an affected target host is using some newer or older algorithms not supported by the used libssh version (against which the scanner was compiled) the login will fail
Support for some ECC curves requires libssh to be built against
Some incompatibilities / bugs in libssh could also negatively affect the login
Unfortunately there is no “full” list on Features – libssh which of these features / functionality got introduced in which libssh version so this is mainly a “try and error” to determine if the issue is originating from libssh
Thank you for your reply,
I’ll have a look and try to determine if it comes from libssh.
I’ll let you know my results