sshd@QNX: Could not load host key / Missing privileges separation


I followed the manual provided by QNX for SDP 6.6.0 on how to set up the OpenSSH SSH daemon, except I tried to get it running on an existing Neutrino OS. To no avail so far. I encountered several pitfalls which I could not find to be solved in any guide I found on the web.

It works quite easily and out of the box for QNX 6.5.0. E.g. 'How do you install an ssh server on qnx', which only states to generate keys and start the daemon. But that doesn't seem to be the case anymore.

This is how I've tried to tackle this so far:

  • created folder /etc/ssh and DSA and RSA keys

  • tried starting sshd => error: /etc/ssh/sshd_config

  • created empty file /etc/ssh/sshd_config

  • tried starting sshd => error:

    Could not load host key: /etc/ssh/ssh_host_ecdsa_key
    Missing privileges separation directory: /var/chroot/sshd
    
  • created folder /var/chroot/sshd and file /etc/ssh/ssh_host_ecdsa_key with proper privileges using chmod 700

P.S.: Why is it that there are only very very few sources actually talking about SSH and QNX? Even QNX only refers to NetBSD by linking their plain man pages. In the BSP guides they handle the topic like "Yeah we've got SSH - you can use it." If not SSH what's then the proper way of remote access?!

There is 1 answer

Jim McAdams On

OK, gonna answer my question right away (since after not posting it, I found the answer some days later):

Long story short. The ssh version on QNX 6.6.0 also needs the ssh_host_ecdsa_key key file, generated using ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key. The file was present on my system but somehow corrupted and I just had to generate it again. (I did not know that back then and the manuals I was following don't even mention this key.)

I would not recommend following the QNX manual (since it's outdated and especially) if you simply just want to start/configure the sshd daemon (ssh server) on an existing system. Follow 'How do you install an ssh server on qnx' instead.
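
A preflight check for the prerequisites this thread ran into, as an added example that is not part of the original posts or of QNX's documentation. It assumes the standard OpenSSH host key file names under /etc/ssh; the function name sshd_preflight and its optional root-prefix argument are hypothetical.

```shell
#!/bin/sh
# Added example: check the sshd prerequisites named on this page.
# $1 is a hypothetical root prefix so the check can be tried on a scratch
# tree; call it with no argument to check the live system.

sshd_preflight() {
    root=${1:-}
    problems=0

    # sshd reported an error for this file when it was absent.
    if [ ! -f "$root/etc/ssh/sshd_config" ]; then
        echo "MISSING config: $root/etc/ssh/sshd_config"
        problems=$((problems + 1))
    fi

    # Host keys: RSA and DSA from the question, ECDSA from the answer.
    for t in rsa dsa ecdsa; do
        key="$root/etc/ssh/ssh_host_${t}_key"
        if [ ! -f "$key" ]; then
            echo "MISSING key: $key (ssh-keygen -t $t -f $key)"
            problems=$((problems + 1))
        elif ! head -n 1 "$key" | grep -q '^-----BEGIN .*PRIVATE KEY-----'; then
            # An empty or hand-created file exists but cannot be loaded.
            echo "INVALID key: $key (regenerate: ssh-keygen -t $t -f $key)"
            problems=$((problems + 1))
        elif [ "$(ls -l "$key" | cut -c5-10)" != "------" ]; then
            # sshd refuses host keys that group or others can access.
            echo "UNSAFE mode: $key (chmod 600 $key)"
            problems=$((problems + 1))
        fi
    done

    # Privilege separation directory from the error message.
    if [ ! -d "$root/var/chroot/sshd" ]; then
        echo "MISSING privsep dir: $root/var/chroot/sshd"
        problems=$((problems + 1))
    fi

    # Exit status is the number of problems found (0 means ready).
    return "$problems"
}
```

The header test only catches files that are empty or not a private key at all; a key damaged further down still has to be regenerated with the ssh-keygen command from the answer.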