Question

SSH folder random default keys are present

Posted September 16, 2020
Security

Hi, when I create droplets I use the existing functionality provided on the website to automatically add ssh keys to the new server.

I can see my keys are added under /root/.ssh/authorized_keys. That works fine.

However, I have noticed that the /etc/ssh folder has some of its own default keys which I never put there.

I cannot delete them because the sshd config defaults to them.

```
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
```

At the same time I cannot change the config to point to /root/.ssh/authorized_keys file as it complains about invalid format.

I could not find any documentation explaining the scenario.
https://www.digitalocean.com/docs/droplets/how-to/add-ssh-keys/to-existing-droplet/

edited by bobbyiliev

1 answer

Hi there @philippe15,

You should not really change the HostKey values in sshd_config to point to the /root/.ssh folder, as the /root/.ssh folder contains your client keys.

The keys that you are seeing in /etc/ssh/ssh_host_<rsa/dsa/ecdsa/ed25519>_key are the host keys. Those host keys are generated automatically by OpenSSH when the server first boots.

For more information on how the SSH Host Keys work I recommend checking out the official documentation here:

https://www.ssh.com/ssh/host-key

Hope that this helps.
Regards,
Bobby
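
The distinction drawn in the answer above, as an added example that is not part of the original post: a `HostKey` path has to hold the server's private key, while `authorized_keys` holds one public key per line, and the SHA256 fingerprint of a host public key is the value `ssh-keygen -l` prints. The key material and all function names here are constructed for illustration.

```python
import base64
import hashlib
import struct

def sample_pub_line(comment):
    """Constructed, structurally valid ssh-ed25519 public-key line (not a real key)."""
    kt = b"ssh-ed25519"
    blob = struct.pack(">I", len(kt)) + kt + struct.pack(">I", 32) + bytes(range(32))
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"

# Constructed sample file contents.
AUTHORIZED_KEYS = sample_pub_line("user@laptop") + "\n"
HOST_PRIVATE = ("-----BEGIN OPENSSH PRIVATE KEY-----\n"
                "(constructed placeholder body)\n"
                "-----END OPENSSH PRIVATE KEY-----\n")

def parse_public_line(line):
    """Return (key_type, blob) if the line holds an OpenSSH public key, else None."""
    fields = line.split()
    for key_type, b64 in zip(fields, fields[1:]):  # options may precede the key type
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:
            continue
        if len(blob) < 4:
            continue
        (n,) = struct.unpack(">I", blob[:4])
        if blob[4:4 + n] == key_type.encode():  # blob starts with its own type name
            return key_type, blob
    return None

def classify(text):
    """Label file contents as 'private-key', 'public-keys' or 'unknown'."""
    lines = text.strip().splitlines()
    if lines and lines[0].startswith("-----BEGIN") and "PRIVATE KEY" in lines[0]:
        return "private-key"
    if any(parse_public_line(l) for l in lines):
        return "public-keys"
    return "unknown"

def usable_as_hostkey(text):
    """A HostKey path must hold a private key; a list of public keys does not qualify."""
    return classify(text) == "private-key"

def fingerprint(blob):
    """SHA256 fingerprint in the form `ssh-keygen -l` prints."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
```

Comparing the fingerprint of `/etc/ssh/ssh_host_ed25519_key.pub` with the one the SSH client shows on first connection confirms the client reached the intended droplet.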
