How to fix “sshd error: could not load host key”

Question: When I try to SSH to a remote server, the SSH client fails with "Connection closed by X.X.X.X". On the SSH server side, I see error messages: "sshd error: could not load host key." What is going on, and how can I fix this error?

The detailed symptom of this SSH connection error is as follows.

SSH client side: when you attempt to SSH to a remote host, you do not see a login screen, and your SSH connection is closed right away with a message such as "Connection closed by XXXX" or "Connection reset by XXXX".

SSH server side: in the system log, you see the following error messages.

In /var/log/auth.log on Debian, Ubuntu or Linux Mint:

Oct 16 08:59:45 openstack sshd[1214]: error: Could not load host key: /etc/ssh/ssh_host_rsa_key
Oct 16 08:59:45 openstack sshd[1214]: error: Could not load host key: /etc/ssh/ssh_host_dsa_key
Oct 16 08:59:45 openstack sshd[1214]: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Oct 16 08:59:45 openstack sshd[1214]: fatal: No supported key exchange algorithms [preauth]

In /var/log/secure on CentOS, Fedora or RHEL:

Feb 18 21:48:25 localhost sshd[14226]: fatal: No supported key exchange algorithms [preauth]

The root cause of this problem is that the sshd daemon is unable to load its SSH host keys. With no host key loaded, sshd has nothing to authenticate itself with during key exchange, so it aborts with "No supported key exchange algorithms" and drops the connection.

When the OpenSSH server is first installed on a Linux system, SSH host keys should be generated automatically for subsequent use. If key generation did not finish successfully, however, it can cause SSH login problems like this.

Let's check whether the SSH host keys are where they should be.

$ ls -al /etc/ssh/ssh*key

If the SSH host keys are not found there, or their sizes are all truncated to zero, you need to regenerate the SSH host keys from scratch.
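The check above as a script (an added example, not part of the original article). It goes beyond existence and size: it also flags private keys that group or others can access, which sshd refuses to load, and files that ssh-keygen cannot parse. The function names, status words and script name are assumptions of this example.

```shell
#!/bin/sh
# Added example. Usage: sh check_host_keys.sh /etc/ssh  (script name is hypothetical)
# Key types mirror the three host key files named in the article's log
# excerpt; edit the list to match the HostKey lines in your sshd_config.
KEY_TYPES="rsa dsa ecdsa"

# check_host_key FILE: print MISSING, EMPTY, PERMS, UNPARSEABLE or OK.
check_host_key() {
    f=$1
    [ -e "$f" ] || { echo MISSING; return 1; }
    [ -s "$f" ] || { echo EMPTY; return 1; }
    # Columns 5-10 of "ls -l" are the group/other bits; sshd rejects a
    # private key that anyone but its owner can access.
    [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] || { echo PERMS; return 1; }
    # When ssh-keygen is installed, derive the public half (-y) to prove the
    # file parses; -P '' supplies an empty passphrase so that a
    # passphrase-protected key fails here instead of prompting.
    if command -v ssh-keygen >/dev/null 2>&1; then
        ssh-keygen -y -P '' -f "$f" >/dev/null 2>&1 ||
            { echo UNPARSEABLE; return 1; }
    fi
    echo OK
}

# check_host_keys [DIR]: print "STATUS path" per key type; the return value
# is the number of keys that are not OK.
check_host_keys() {
    dir=${1:-/etc/ssh}
    bad=0
    for t in $KEY_TYPES; do
        st=$(check_host_key "$dir/ssh_host_${t}_key") || bad=$((bad + 1))
        echo "$st $dir/ssh_host_${t}_key"
    done
    return "$bad"
}

# Run only when a directory is given, so sourcing the file has no side effects.
[ $# -eq 0 ] || check_host_keys "$1"
```

Run it as root so the private keys are readable; any status other than OK points at a key that needs to be regenerated or have its permissions fixed.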

Regenerate SSH Host Keys

On Debian, Ubuntu or their derivatives, you can use the dpkg-reconfigure tool to regenerate SSH host keys as follows.

$ sudo rm -r /etc/ssh/ssh*key
$ sudo dpkg-reconfigure openssh-server

On CentOS, RHEL or Fedora, all you have to do is restart sshd after removing the existing (problematic) keys.

$ sudo rm -r /etc/ssh/ssh*key
$ sudo systemctl restart sshd

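An alternative way to regenerate SSH host keys is to generate them manually with the ssh-keygen command. Press Enter at the passphrase prompts to leave the passphrase empty, because sshd cannot load a passphrase-protected host key.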

$ sudo ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
$ sudo ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
$ sudo ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key

Once the new SSH host keys are generated, make sure that they are found in the /etc/ssh directory. There is no need to restart sshd at this point.

$ ls -al /etc/ssh/ssh*key

Now try to SSH again to the SSH server to see if the problem is gone.

2 thoughts on “How to fix “sshd error: could not load host key”

  1. Another cause of this issue is incorrect SELinux file contexts on your keys. If you are using a Red Hat-based system such as RHEL or CentOS, the following command will sort them out for you:

    restorecon -R /etc/ssh

    In my case, restoring a snapshot to a new droplet in DigitalOcean caused my keys to be re-generated.
