sshd

.ssh – Permission

If any of the files (or directories leading up to the files) have permissions set too loose, the connection will fail. Permission errors may be logged on the server side by the sshd(8) daemon.

Authentication refused: bad ownership or modes for directory …

In most cases, potential permission problems can be solved by restricting down access to the SSH configuration files. Permission changes to the home directory might be needed, though restricted rights may break other things.

server$ chmod go-w ~/
server$ chmod 700 ~/.ssh
server$ chmod 600 ~/.ssh/authorized_keys

OpenSSH – Generate server key

OpenSSH require different keys depending if you use SSH1 or SSH2 protocol. All keys are generated by “ssh-keygen” commad, that one should be available on your system with the ssh package. Default key lengths are also appropriate (2048 bits for rsa and 1024 bits for dsa)
For SSH1 protocol, you need a rsa1 key generated has follow:

# ssh-keygen -q -f /etc/ssh/ssh_host_key -N '' -t rsa1

For SSH2 protocol, you need two keys, one rsa key and one dsa key generated has follow:

# ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa
# ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa

SSH key

Nel caso succeda che il demone sshd non parta per i seguenti motivi:

Could not load host key: /etc/ssh/ssh_host_key
Could not load host key: /etc/ssh/ssh_host_dsa_key
Disabling protocol version 1. Could not load host key
Disabling protocol version 2. Could not load host key

Con questi comandi si generano le chiavi host:

ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
ssh-keygen -t rsa1 -f /etc/ssh/ssh_host_key