OpenSSH 8.8

After upgrading WHM on CloudLinux to OpenSSH 8.8,
sshd will not start and gives several errors.

command-line: line 0: Bad configuration option: GSSAPIKexAlgorithms

or I get
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Unable to load host key "/etc/ssh/ssh_host_rsa_key": bad permissions
Unable to load host key: /etc/ssh/ssh_host_rsa_key
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/etc/ssh/ssh_host_ecdsa_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Unable to load host key "/etc/ssh/ssh_host_ecdsa_key": bad permissions
Unable to load host key: /etc/ssh/ssh_host_ecdsa_key
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0640 for '/etc/ssh/ssh_host_ed25519_key' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Unable to load host key "/etc/ssh/ssh_host_ed25519_key": bad permissions
Unable to load host key: /etc/ssh/ssh_host_ed25519_key
sshd: no hostkeys available -- exiting.

Has anyone else had a similar issue?

Many thanks
Paul

Welcome!

Is your new ssh package from a different repo (not your normal OS repo)?

Thanks :)

It was outside, unfortunately, so I think it's broken. Well, it is; I'm just unsure how to revert.

I did try the OS update, but that might have been after I did it a different way.

It complains about the 0640 permissions. The 4 means group-read permission. You can sharpen the permissions with the shell command

chmod 0600 /etc/ssh/ssh_host_*_key

and disable the offending option

sed -i "s/^GSSAPIKexAlgorithms/#&/" /etc/ssh/sshd_config
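The two fixes from the reply above, as an added example that is not part of the original post: it audits the host keys before and after tightening them, and it goes a little beyond the one-line sed by also catching an indented or differently-cased directive and keeping a backup of the config. The function names are hypothetical, and GNU stat and GNU sed are assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Assumes GNU stat and GNU sed (stat -c, sed -i and the I flag).

# List private host keys under $1 whose mode has any group/other bit set.
# Returns 0 if every key is owner-only, 1 if at least one is too open.
audit_host_keys() {
    dir=${1:-/etc/ssh}
    rc=0
    for key in "$dir"/ssh_host_*_key; do
        [ -f "$key" ] || continue            # glob matched nothing
        mode=$(stat -c '%a' "$key")
        # The leading 0 makes the shell read the mode as octal; 077 = group+other.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            printf '%s: mode %s is too open\n' "$key" "$mode"
            rc=1
        fi
    done
    return "$rc"
}

# Set every private host key under $1 to 0600, then re-run the audit.
fix_host_keys() {
    dir=${1:-/etc/ssh}
    for key in "$dir"/ssh_host_*_key; do
        [ -f "$key" ] || continue
        chmod 0600 "$key"
    done
    audit_host_keys "$dir"
}

# Print the active (uncommented) lines of config $1 that set option $2.
# sshd_config keywords are case-insensitive and may be indented.
active_option_lines() {
    grep -inE "^[[:space:]]*$2([[:space:]=]|\$)" "$1"
}

# Comment out option $2 in config $1, keeping the original as $1.bak.
disable_option() {
    sed -i.bak -E "s/^[[:space:]]*$2([[:space:]=]|\$)/#&/I" "$1"
}
```

After `fix_host_keys /etc/ssh` and `disable_option /etc/ssh/sshd_config GSSAPIKexAlgorithms`, running `sshd -t` checks the configuration and host keys without starting the daemon.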

That's a bit strange, because GSSAPIKexAlgorithms was introduced in OpenSSH 8. Does that message maybe come from your client?
