sshd does not offer the ecdsa/ed25519 host key algorithms

We have set up a bastion host that only responds with the ssh-rsa host key algorithm when queried:

ssh-keyscan bastion.ops.dev.xxx.com

# bastion.ops.dev.xxx.com:22 SSH-2.0-OpenSSH_7.4
# bastion.ops.dev.xxx.com:22 SSH-2.0-OpenSSH_7.4
bastion.ops.dev.xxx.com ssh-rsa AAAAB3Nza...+REOQ8RMWBWH
# bastion.ops.dev.xxx.com:22 SSH-2.0-OpenSSH_7.4
# bastion.ops.dev.xxx.com:22 SSH-2.0-OpenSSH_7.4
# bastion.ops.dev.xxx.com:22 SSH-2.0-OpenSSH_7.4

Even though /etc/ssh/sshd_config looks reasonable and contains the following parameters:

HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

The keys themselves also look fine and have appropriate permissions.

-rw-r----- 1 root ssh_keys 2602 Mar 15 08:58 ssh_host_ecdsa_key
-rw-r--r-- 1 root root      572 Mar 15 08:58 ssh_host_ecdsa_key.pub
-rw-r----- 1 root ssh_keys  411 Mar 15 08:58 ssh_host_ed25519_key
-rw-r--r-- 1 root root      100 Mar 15 08:58 ssh_host_ed25519_key.pub
-rw-r----- 1 root ssh_keys 1675 Mar 15 08:57 ssh_host_rsa_key
-rw-r--r-- 1 root root      382 Mar 15 08:57 ssh_host_rsa_key.pub

Checking the keys:

ssh-keygen -y -e -f ssh_host_ecdsa_key

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "3072-bit RSA, converted by root@xxx"
AAAAB3....
---- END SSH2 PUBLIC KEY ----

(Is RSA correct for an ECDSA key?)

ssh-keygen -y -e -f ssh_host_ed25519_key

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "256-bit ED25519, converted by root@xxx"
AAAAC.../keIIubitK
---- END SSH2 PUBLIC KEY ----

I checked systemctl status sshd and found errors:

Mar 15 09:56:04 ip-xxx.eu-central-1.compute.internal systemd[1]: Stopping OpenSSH server daemon...
Mar 15 09:56:04 ip-xxx.eu-central-1.compute.internal sshd[1183]: Received signal 15; terminating.
Mar 15 09:56:04 ip-xxx.eu-central-1.compute.internal systemd[1]: Stopped OpenSSH server daemon.
Mar 15 09:56:04 ip-xxx.eu-central-1.compute.internal systemd[1]: Starting OpenSSH server daemon...
Mar 15 09:56:04 ip-xxx.eu-central-1.compute.internal sshd[5216]: Could not load host key: /etc/ssh/ssh_host_ecdsa_key
Mar 15 09:56:04 ip-xxx.eu-central-1.compute.internal sshd[5216]: Server listening on 0.0.0.0 port 22.
Mar 15 09:56:04 ip-xxx.eu-central-1.compute.internal sshd[5216]: Could not load host key: /etc/ssh/ssh_host_ed25519_key
Mar 15 09:56:04 ip-xxx.eu-central-1.compute.internal sshd[5216]: Server listening on :: port 22.
Mar 15 09:56:04 ip-xxx.eu-central-1.compute.internal systemd[1]: Started OpenSSH server daemon.
Mar 15 09:56:10 ip-xxx.eu-central-1.compute.internal sshd[5218]: error: Could not load host key: /etc/ssh/ssh_host_ecdsa_key

How can I find them?

Answer 1

It turned out that our private key files were missing the proper trailing newline and were therefore invalid. The best way to verify: ssh-keygen -y -f ssh_host_ed25519_key
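Added example, not part of the question or answer above: a small Python checker for the two defects this thread ran into, a private key file that does not end with the END marker followed by a newline (which sshd's openssh-key-v1 parser rejects), and a file whose name promises one algorithm while its contents carry another (the ssh_host_ecdsa_key above reported itself as RSA). The sample keys it builds use dummy zero key material and are not real keys; the /etc/ssh/ssh_host_<algo>_key naming follows the page.

```python
import base64
import struct

BEGIN = "-----BEGIN OPENSSH PRIVATE KEY-----"
END = "-----END OPENSSH PRIVATE KEY-----"
MAGIC = b"openssh-key-v1\x00"
# Key type each ssh_host_<algo>_key file should hold (prefix match covers the ecdsa curves).
EXPECTED = {"rsa": "ssh-rsa", "dsa": "ssh-dss", "ed25519": "ssh-ed25519", "ecdsa": "ecdsa-sha2-"}

def _string(data: bytes) -> bytes:
    """Encode an SSH wire string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def _read_string(buf: bytes, off: int):
    """Decode an SSH wire string at offset; return (bytes, new offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n

def key_type_of(text: str) -> str:
    """Return the algorithm name stored in an unencrypted openssh-key-v1 file."""
    lines = text.strip().splitlines()
    if not lines or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("not an OpenSSH private key")
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("bad openssh-key-v1 magic")
    off = len(MAGIC)
    for _ in range(3):                 # ciphername, kdfname, kdfoptions
        _, off = _read_string(blob, off)
    off += 4                           # number of keys (always 1)
    pub, _ = _read_string(blob, off)   # public key blob begins with its type string
    return _read_string(pub, 0)[0].decode()

def check_host_key(path: str, text: str) -> list:
    """Return the problems sshd would have with this host key file (empty list if none)."""
    problems = []
    if not text.endswith(END + "\n"):  # sshd requires the END marker plus a newline
        problems.append("missing trailing newline after END marker")
    algo = path.rsplit("/", 1)[-1][len("ssh_host_"):-len("_key")]
    actual = key_type_of(text)
    if not actual.startswith(EXPECTED.get(algo, actual)):
        problems.append(f"file named for {algo} but holds {actual}")
    return problems

def build_sample_key(key_type: str, trailing_newline: bool = True) -> str:
    """Construct a synthetic, unencrypted openssh-key-v1 file with dummy 32-byte key material."""
    pub = _string(key_type.encode()) + _string(b"\x00" * 32)
    blob = (MAGIC + _string(b"none") + _string(b"none") + _string(b"")
            + struct.pack(">I", 1) + _string(pub) + _string(b""))
    b64 = base64.b64encode(blob).decode()
    body = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))  # OpenSSH wraps at 70
    return BEGIN + "\n" + body + "\n" + END + ("\n" if trailing_newline else "")
```

Run check_host_key over each HostKey path in sshd_config with the file's contents; a non-empty list explains a "Could not load host key" line before you reach for the journal.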