Last updated on October 17, 2020 by Dan Nanni
Connection closed by X.X.X.X. On the SSH server side, I see error messages:
sshd error: could not load host key. What is going on, and how can I fix this error?
The detailed symptom of this SSH connection error is as follows.
On the SSH client side, you have enabled key authentication for a remote SSH server. However, when you attempt to connect to the SSH server, you don't see a login screen, and your SSH connection is closed right away with the following messages:
Connection closed by XXXX
Connection reset by XXXX
On the SSH server side, the system log has the following error messages:
/var/log/auth.log on Ubuntu, Debian or Linux Mint:
Oct 16 08:59:45 openstack sshd: error: Could not load host key: /etc/ssh/ssh_host_rsa_key
Oct 16 08:59:45 openstack sshd: error: Could not load host key: /etc/ssh/ssh_host_dsa_key
Oct 16 08:59:45 openstack sshd: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Oct 16 08:59:45 openstack sshd: fatal: No supported key exchange algorithms [preauth]
/var/log/secure on CentOS, Fedora or RHEL:
Feb 18 21:48:25 localhost sshd: fatal: No supported key exchange algorithms [preauth]
The root cause of this problem is that the sshd daemon is somehow unable to load SSH host keys properly.
When the OpenSSH server is first installed on a Linux system, SSH host keys should be generated automatically for subsequent use. If, however, key generation did not finish successfully, that can cause SSH login problems like this.
Let's check if SSH host keys are found where they should be.
$ ls -al /etc/ssh/ssh*key
If SSH host keys are not found there, or their sizes are all truncated to zero (like above), you need to regenerate SSH host keys from scratch.
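The same check can be driven from the server log. The shell script below is an added example, not part of the original article: it extracts the key paths named in the "Could not load host key" lines and reports whether each file is missing, empty or unloadable. The function names and the optional ROOT prefix are assumptions made for the example, and the demo data is constructed.

```shell
#!/bin/sh
# Added example, not from the original article. ROOT (second argument of
# triage) is a hypothetical prefix so a copy of /etc/ssh can be inspected.

# failed_keys LOGFILE: print each host key path sshd failed to load, once.
failed_keys() {
    grep -o 'Could not load host key: [^ ]*' "$1" | sed 's/.*: //' | sort -u
}

# key_state FILE: print missing | empty | unloadable | unverified | ok.
key_state() {
    if [ ! -e "$1" ]; then echo missing
    elif [ ! -s "$1" ]; then echo empty        # truncated to zero bytes
    elif ! command -v ssh-keygen >/dev/null 2>&1; then echo unverified
    # -y re-derives the public key from the private key, so it fails if the
    # file is corrupt; -P '' avoids a passphrase prompt on an encrypted key.
    elif ssh-keygen -y -P '' -f "$1" >/dev/null 2>&1 </dev/null; then echo ok
    else echo unloadable
    fi
}

# triage LOGFILE [ROOT]: print "state path" for every key named in the log.
triage() {
    failed_keys "$1" | while IFS= read -r path; do
        printf '%s %s\n' "$(key_state "${2:-}$path")" "$path"
    done
}

# Demo on constructed data: the article's log lines and a scratch ROOT in
# which the RSA key is zero-length and the other keys do not exist.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/etc/ssh" && : > "$root/etc/ssh/ssh_host_rsa_key"
    cat > "$root/auth.log" <<'EOF'
Oct 16 08:59:45 openstack sshd: error: Could not load host key: /etc/ssh/ssh_host_rsa_key
Oct 16 08:59:45 openstack sshd: error: Could not load host key: /etc/ssh/ssh_host_dsa_key
Oct 16 08:59:45 openstack sshd: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Oct 16 08:59:45 openstack sshd: fatal: No supported key exchange algorithms [preauth]
EOF
    triage "$root/auth.log" "$root"
    rm -rf "$root"
}
demo
```

On a live server, running sshd -t as root also tests the configuration file and the sanity of the host keys without starting the daemon.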
On Ubuntu, Debian or their derivatives, you can use the dpkg-reconfigure tool to regenerate SSH host keys as follows.
$ sudo rm -r /etc/ssh/ssh*key
$ sudo dpkg-reconfigure openssh-server
On CentOS, RHEL or Fedora, all you have to do is restart sshd after removing the existing (problematic) keys.
$ sudo rm -r /etc/ssh/ssh*key
$ sudo systemctl restart sshd
An alternative way to regenerate SSH host keys is to generate them manually using the ssh-keygen command as follows.
$ sudo ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
$ sudo ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
$ sudo ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key
Once new SSH host keys are generated, make sure that they are found in the /etc/ssh directory. There is no need to restart sshd at this point.
$ ls -al /etc/ssh/ssh*key
Now try to SSH again to the SSH server to see if the problem is gone.
Please note that this article is published by Xmodulo.com under a Creative Commons Attribution-ShareAlike 3.0 Unported License. If you would like to use the whole or any part of this article, you need to cite this web page at Xmodulo.com as the original source.