How to fix "sshd error: could not load host key"

Last updated on October 17, 2020 by Dan Nanni

Question: When I try to SSH to a remote server, the SSH client fails with Connection closed by X.X.X.X. On the SSH server side, I see error messages: sshd error: could not load host key. What is going on, and how can I fix this error?

SSH Problem Description

The detailed symptom of this SSH connection error is as follows.

On the SSH client side, you have enabled key authentication for a remote SSH server. However, when you attempt to connect to the SSH server, you don't see a login screen, and your SSH connection is closed right away with the following messages:

Connection closed by XXXX
Connection reset by XXXX

On the SSH server side, the system log has the following error messages:

In /var/log/auth.log on Ubuntu, Debian or Linux Mint:

Oct 16 08:59:45 openstack sshd[1214]: error: Could not load host key: /etc/ssh/ssh_host_rsa_key
Oct 16 08:59:45 openstack sshd[1214]: error: Could not load host key: /etc/ssh/ssh_host_dsa_key
Oct 16 08:59:45 openstack sshd[1214]: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Oct 16 08:59:45 openstack sshd[1214]: fatal: No supported key exchange algorithms [preauth]

In /var/log/secure on CentOS, Fedora or RHEL:

Feb 18 21:48:25 localhost sshd[14226]: fatal: No supported key exchange algorithms [preauth]

How to Solve the SSH Login Error

The root cause of this problem is that the sshd daemon is unable to load its SSH host keys.

When OpenSSH server is first installed on a Linux system, SSH host keys should be generated automatically for subsequent use. If, however, key generation did not finish successfully, it can cause SSH login problems like this.

Let's check if SSH host keys are found where they should be.

$ ls -al /etc/ssh/ssh*key

If SSH host keys are not found there, or their sizes are all truncated to zero, you need to regenerate SSH host keys from scratch.
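The check above can be scripted so that each expected host key file is classified instead of read off an ls listing. This is an added example, not part of the original article: the function names are hypothetical, the default key types are the three from the log excerpt above, and the permission test goes beyond the two cases the article names (sshd also refuses private host keys that group or others can access).

```shell
#!/bin/sh
# Added example (not from the article). Classify sshd private host key files.
# Usage: audit_host_keys [DIR [TYPE...]]   (defaults: /etc/ssh, rsa dsa ecdsa)

# Print one state for a private host key file: missing | empty | perms | ok
check_host_key() {
    f=$1
    if [ ! -e "$f" ]; then
        echo missing        # key was never generated or has been deleted
    elif [ ! -s "$f" ]; then
        echo empty          # zero bytes: the truncated case the article describes
    elif [ "$(ls -ldL "$f" | cut -c5-10)" != "------" ]; then
        echo perms          # extra check: group/other bits set on a private key
    else
        echo ok
    fi
}

# Print the state of every expected key; return 1 if any key is not ok.
audit_host_keys() {
    dir=${1:-/etc/ssh}
    [ $# -gt 0 ] && shift
    [ $# -gt 0 ] || set -- rsa dsa ecdsa
    bad=0
    for t in "$@"; do
        f="$dir/ssh_host_${t}_key"
        state=$(check_host_key "$f")
        printf '%-8s %s\n' "$state" "$f"
        [ "$state" = ok ] || bad=1
    done
    return "$bad"
}
```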

Regenerate SSH Host Keys in Distro-Specific Ways

On Ubuntu, Debian or their derivatives, you can use the dpkg-reconfigure tool to regenerate SSH host keys as follows.

$ sudo rm -r /etc/ssh/ssh*key
$ sudo dpkg-reconfigure openssh-server

On CentOS, RHEL or Fedora, all you have to do is restart sshd after removing the existing (problematic) keys.

$ sudo rm -r /etc/ssh/ssh*key
$ sudo systemctl restart sshd

Regenerate SSH Host Keys with ssh-keygen

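An alternative way to regenerate SSH host keys is to generate them manually using the ssh-keygen command as follows. When ssh-keygen prompts for a passphrase, leave it empty, because sshd cannot load a passphrase-protected host key.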

$ sudo ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
$ sudo ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
$ sudo ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key

Once new SSH host keys are generated, make sure that they are found in the /etc/ssh directory. There is no need to restart sshd at this point.

$ ls -al /etc/ssh/ssh*key

Now try to SSH again to the SSH server to see if the problem is gone.

Please note that this article is published by Xmodulo.com under a Creative Commons Attribution-ShareAlike 3.0 Unported License. If you would like to use the whole or any part of this article, you need to cite this web page at Xmodulo.com as the original source.