Unable to remotely connect to the ECS instance of the Linux system

This article describes the causes of, and solutions for, the "error: Unable to load host key: /etc/ssh/ssh_host_rsa_key" error that appears when you try to connect remotely to a Linux ECS instance.

Problem Description


The Linux ECS instance cannot be reached over SSH. After logging in to the instance through VNC, run cat /var/log/secure or cat /var/log/messages to check the log. Error messages similar to the following appear.
error: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @

error: Permissions 0777 for '/etc/ssh/ssh_host_rsa_key' are too open.
error: It is required that your private key files are NOT accessible by others.

error: This private key will be ignored.
error: Unable to load host key "/etc/ssh/ssh_host_rsa_key": bad permissions
error: Unable to load host key: /etc/ssh/ssh_host_rsa_key
error: Unable to load host key "/etc/ssh/ssh_host_rsa_key": invalid format
error: Unable to load host key "/etc/ssh/ssh_host_rsa_key": invalid format
error: Unable to load host key: /etc/ssh/ssh_host_rsa_key
error: Unable to load host key "/etc/ssh/ssh_host_ecdsa_key": invalid format
error: Unable to load host key "/etc/ssh/ssh_host_ecdsa_key": invalid format
error: Unable to load host key: /etc/ssh/ssh_host_ecdsa_key

Problem Causes


This problem may occur because the key files used by the SSH service on the ECS instance are abnormal, so the sshd daemon cannot load the correct SSH host key. Common key file exceptions are as follows:

• The permissions on the key file are abnormal, so the file cannot be loaded normally.
For example, the default permission of the private key file is 600. If other permissions such as 777 are configured, other users also have read or modify permissions. The SSH service treats this configuration as a security risk, and the connection fails.

• The key file itself is abnormal, for example, the file is damaged, deleted, or tampered with.

Solution


You can solve this problem by modifying the key permissions related to the SSH service or repairing the key file.

1. Remotely connect to the ECS instance via VNC.

2. Execute the following command to view the public key and private key files of the SSH service.
ls -l /etc/ssh

• If the system displays the following information, the public key and key file are lost. Go to step 4.

• If the system displays the following information, the public key and key file permissions are 777 and the file size is 0, indicating that the file is abnormal. Go to step 3.

Note

777 is not the only permission value that triggers the error. Any permission that exceeds the default permission causes it.

3. Execute the following command to restore the default permissions of the relevant key files.

Note
Key file permissions may differ between Linux distributions. Use the key permissions on an instance running the same distribution and version as a reference.

cd /etc/ssh/
sudo chmod 600 ssh_host_*
sudo chmod 644 *.pub

4. Execute the following command to restart the SSH service.

When the SSH service is restarted, related key files will be automatically generated.

sudo systemctl restart sshd.service

5. Execute the following command to confirm that the key-related files have been generated.

ls -l /etc/ssh
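
The checks from steps 2 and 3 as a read-only script (an added example, not part of the original article). The helper name audit_host_keys is hypothetical; the script assumes GNU stat and the 600 baseline named above, so on a distribution whose default differs, compare against that default instead.

```shell
#!/bin/sh
# Added example, not from the article. Assumes GNU stat (stat -c) on Linux.
# Usage: audit_host_keys [DIR]    (DIR defaults to /etc/ssh)
# Prints one finding per line; exit status 0 = clean, 1 = findings.
audit_host_keys() (
    dir=${1:-/etc/ssh}
    findings=0
    seen=0
    for key in "$dir"/ssh_host_*_key; do
        [ -e "$key" ] || continue          # unmatched glob stays literal
        seen=1
        # Step 2 case: the file exists but is 0 bytes (damaged or truncated).
        if [ ! -s "$key" ]; then
            echo "EMPTY $key"
            findings=$((findings + 1))
        fi
        # Any group/other bit exceeds the 600 baseline, not only 777.
        mode=$(stat -c '%a' "$key")
        if [ $((0$mode & 077)) -ne 0 ]; then
            echo "TOO_OPEN $key mode=$mode"
            findings=$((findings + 1))
        fi
        # Step 2 lists both halves of the pair: flag a missing or empty .pub.
        if [ ! -s "$key.pub" ]; then
            echo "NO_PUB $key.pub"
            findings=$((findings + 1))
        fi
    done
    # Step 2 case: no private host keys at all (lost or deleted).
    if [ "$seen" -eq 0 ]; then
        echo "MISSING no ssh_host_*_key files in $dir"
        findings=1
    fi
    [ "$findings" -eq 0 ]
)
```

Run audit_host_keys with no argument from the VNC session before and after steps 3 and 4: TOO_OPEN findings should clear after the chmod commands, and EMPTY or MISSING findings should clear once the keys have been regenerated.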
