Closed Kataane closed 5 months ago
Good catch. I'll add. Thanks.
Adding this line to /etc/ssh/sshd_config does not work for me:
sudo service sshd restart
Job for ssh.service failed because the control process exited with error code.
See "systemctl status ssh.service" and "journalctl -xeu ssh.service" for details.
systemctl status ssh.service
× ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Tue 2024-03-05 00:05:22 UTC; 11s ago
Docs: man:sshd(8)
man:sshd_config(5)
Process: 11172 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=255/EXCEPTION)
CPU: 12ms
Mar 05 00:05:22 servertosh systemd[1]: ssh.service: Scheduled restart job, restart counter is at 5.
Mar 05 00:05:22 servertosh systemd[1]: Stopped OpenBSD Secure Shell server.
Mar 05 00:05:22 servertosh systemd[1]: ssh.service: Start request repeated too quickly.
Mar 05 00:05:22 servertosh systemd[1]: ssh.service: Failed with result 'exit-code'.
Mar 05 00:05:22 servertosh systemd[1]: Failed to start OpenBSD Secure Shell server.
sudo /usr/sbin/sshd -T
/etc/ssh/sshd_config: line 84: Bad configuration option: HashKnownHosts
/etc/ssh/sshd_config: terminating, 1 bad configuration options
removing it fixes the problem.
I think it is supposed to go into /etc/ssh/ssh_config
Maybe only some versions support the config? When I man sshd_config
, I do not see HashKnownHosts
as an option?
So this is an SSH client configuration, not a SSH server configuration. It is for /etc/ssh/ssh_config
.
Thanks for all your hard work.
I would like to clarify that nowhere did I find mention of HashKnownHosts and that it is better to set HashKnownHosts yes in ssh_config.
This is especially important when using public keys instead of password login. For example, if a server is used as a point of entry to another server via ssh.
You can read more about this in: mozilla OpenSSH server. mit edu about sshworm linux-audit serverfault
Maybe this will be useful to someone.