Re: Host keys after cloning

From: Greg Wooledge (wooledg_at_eeg.ccf.org)
Date: 08/27/04

  • Next message: Leif Ericksen: "Re: Host keys after cloning"
    Date: Fri, 27 Aug 2004 07:37:33 -0400
    To: Ugo Bellavance <ugob@camo-route.com>
    
    

    On Thu, Aug 26, 2004 at 02:56:26PM -0400, Ugo Bellavance wrote:
    > I just cloned a server to save install time, but now I realize that
    > the ssh host key is the same for every server. That makes sense since I
    > cloned them, but I was wondering if that was insecure, and how to
    > regenerate them.

    1) Yes, it's generally a bad idea to use the same host keys on different
       hosts, unless you're running them as a cluster.

    2) Delete the old host keys, and then regenerate them thus:

         ssh-keygen -t rsa1 -f /usr/local/etc/ssh_host_key -N ""
         ssh-keygen -t dsa -f /usr/local/etc/ssh_host_dsa_key -N ""
         ssh-keygen -t rsa -f /usr/local/etc/ssh_host_rsa_key -N ""

    (Substitute the proper directory, of course, if yours aren't in
    /usr/local/etc.)


  • Next message: Leif Ericksen: "Re: Host keys after cloning"

    Relevant Pages

    • Re: Problem with SSH host keys
      ... Are you sure you want to continue connecting? ... openssh-server and openssh-client change logs ... any changes in openssh-client in jessie that would cause certain server keys ... The host keys are in known_hosts, but are the proper keys (the one you ...
      (Debian-User)
    • Re: Problem with SSH host keys
      ... openssh-server and openssh-client change logs ... any changes in openssh-client in jessie that would cause certain server keys ... The host keys are in known_hosts, but are the proper keys (the one you ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ...
      (Debian-User)
    • Re: Problem with SSH host keys
      ... Are you sure you want to continue connecting? ... openssh-server and openssh-client change logs ... any changes in openssh-client in jessie that would cause certain server keys ... The host keys are in known_hosts, but are the proper keys (the one you ...
      (Debian-User)
    • Re: How to configure dual SSH keys?
      ... one set of host keys. ... running on another port) to access the alternate keys. ... Use HostKey with the alternate server to point to the alternate ... and the one special client would just connect ...
      (comp.security.ssh)
    • Re: [9fans] yet another installation guide
      ... I finished the first draft of a cpu/auth server installation/configuration howto: ... don't invalidate the host keys after you've set them! ... refreshing cs is not required for ndb/query to work. ...
      (comp.os.plan9)