Your browser does not allow storing cookies. We recommend enabling them.


Invalid Host Key Permissions on Windows

Symptom: Tectia Server fails to start and reports error "Invalid hostkey permissions for hostkey". This occurs usually after upgrading Tectia Server from 4.x to 6.x.

The permissions of the server host key file and directory have been made more strict since the 4.x releases. In 6.x, full permissions are allowed only for the Administrators group and the SYSTEM account, and no other permissions are set at all.

The host key permissions can be updated manually by using the ssh-keygen-g3 tool:

  1. Go to the installation directory of Tectia Server: "C:\Program Files\SSH Communications Security\SSH Tectia"

  2. Set the permissions for the host key by running command:

    $ ssh-keygen-g3 --set-hostkey-owner-and-dacl hostkey

For more information on the tool, see ssh-keygen-g3(1).




What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now