Monday, November 22, 2010

Security Onion: SSH Keys

Security Onion is remastered using Remastersys. As part of the remastering process, Remastersys removes the SSH host keys. As a result, even though the SSH daemon is running, it will not accept any connections.

To generate SSH host keys, use the ssh-keygen command as follows:
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' 
The SSH daemon will then accept connections normally.  

The next version of Security Onion will include SSH host key generation in its Setup script. 
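An idempotent form of the step above, as an added example (not code from Security Onion or its Setup script): it generates only the host keys that are missing or empty, so keys that already exist are never overwritten. The function names and the directory argument are assumptions; the key types and file names are the ones used in the two commands above.

```shell
#!/bin/sh
# Added example: generate only the SSH host keys that are missing.
# Key types and file names follow the two commands in the post; the
# function names and the directory argument are assumptions.

KEY_TYPES="rsa dsa"

# Print the key types whose private or public key file is absent or
# empty in directory $1 (space separated, nothing if all are present).
missing_host_keys() {
    dir=$1
    missing=""
    for t in $KEY_TYPES; do
        key="$dir/ssh_host_${t}_key"
        # -s: file exists and has a size greater than zero
        if [ ! -s "$key" ] || [ ! -s "$key.pub" ]; then
            missing="${missing:+$missing }$t"
        fi
    done
    printf '%s' "$missing"
}

# Generate each missing key pair with an empty passphrase, as in the post.
# Existing, non-empty key pairs are left untouched, so a host that already
# has keys keeps its fingerprints and clients see no host key warning.
generate_missing_host_keys() {
    dir=$1
    for t in $(missing_host_keys "$dir"); do
        key="$dir/ssh_host_${t}_key"
        # Remove a half-present pair so ssh-keygen does not stop to ask
        # whether to overwrite.
        rm -f "$key" "$key.pub"
        ssh-keygen -q -t "$t" -f "$key" -N '' || return 1
        chmod 600 "$key"
        chmod 644 "$key.pub"
        ssh-keygen -l -f "$key.pub"   # print the new fingerprint
    done
}

# Typical use, as root: generate_missing_host_keys /etc/ssh
```

Recent OpenSSH releases no longer support DSA keys, so the `dsa` entry applies only to systems of this post's era.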

2 comments:

Peter Setlak said...

Is there supposed to be an output from the command? I got none and also noticed the files existed before running the commands. I still was not able to log in after. Anyone else experiencing this or am I just glowing green?

Doug Burks said...

Hi Peter,

This is an old post from an old version of Security Onion. This shouldn't be an issue with the current version of Security Onion. Please send further details to our mailing list to troubleshoot further.

Thanks,
Doug