ssh “OpenSSH_9.6p1, OpenSSL 3.1.4 24 Oct 2023”
Whenever I log into a remote system with ssh, the following error is added to the system journal.
sshd[32334]: error: main: Host key /etc/ssh/ssh_host_rsa_key: Invalid key length
There are a number of other “host” keys in /etc/sshd/; only the rsa key is considered deficient. The key set was generated in 2023. I presume I must re-generate the rsa key.
What is the recommended method to do so? And what are the possible side effects?
$ ll /etc/ssh/*host_rsa*
-rw------- 1 root root 883 Jun 25 2023 /etc/ssh/ssh_host_rsa_key
-rw-r--r-- 1 root root 225 Jun 25 2023 /etc/ssh/ssh_host_rsa_key.pub
Here’s what I am seeing:
% ls -l /etc/ssh/*rsa*
-rw------- 1 root root 2602 May 31 2025 /etc/ssh/ssh_host_rsa_key
-rw-r--r-- 1 root root 566 May 31 2025 /etc/ssh/ssh_host_rsa_key.pub
The minimum size for RSA keys was increased a year or two ago.
Technically the minimum key length increased.
Typically you can delete the now non-compliant keys and restart the ssh service and it will recreate them. Any hosts that were using the RSA keys to do host authentication will complain that the host keys changed and you’ll have to remove the old key fingerprint from ~/.ssh/known_hosts.
Thank you! That resolved the issue.
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.