Replacing server without having to update host key on connecting clients?


I have a large number of servers sending reports to a central server using keys to automatically sftp the report in. I need to replace the central server without going to each client to update the known_hosts file with a new key so that the first transfer doesn't break due to the host being replaced. I realize the whole point of strict checking is to notify if the server has been replaced or otherwise modified, but I'm sure I'm not the first one to run into this. We are using RSA host keys that get dumped on the client server by the package install script. The new server will have the same IP address and hostname and I'm hoping this will help the situation, but I'm assuming the key is generated using a fingerprint of the server, which would be different from the new one.

Some of the clients are OpenSSH_3.9p1. The central server and most clients are a more recent version of OpenSSH. Sorry, but I can't be more specific than that.

Any help would be greatly appreciated.

George Horvath
Project Leader
Bank of Nova Scotia - ISS - TAG Security
Tel: 416-607-4841
E-mail: George_Horvath@xxxxxxxxxxxxxxxxx
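
An added example, not part of the original message: a pre-cutover check that the public host key the replacement server will present is one the clients already have pinned in known_hosts. The fingerprint is a hash of the public key blob alone, shown as MD5 hex by older OpenSSH clients and as SHA256 by newer ones; the host name, address and key blobs below are constructed placeholders.

```python
import base64
import hashlib
import struct

def fingerprints(blob_b64):
    """Return (md5_hex, sha256) fingerprints of a base64 public key blob."""
    blob = base64.b64decode(blob_b64)
    md5 = hashlib.md5(blob).hexdigest()
    md5 = ":".join(md5[i:i + 2] for i in range(0, 32, 2))
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return md5, "SHA256:" + sha

def pinned_keys(known_hosts_text, names):
    """Yield (keytype, blob) from plain known_hosts lines naming any of `names`."""
    for line in known_hosts_text.splitlines():
        fields = line.split()
        # Comments, @markers and hashed (|1|...) entries are out of scope here.
        if len(fields) < 3 or fields[0].startswith(("#", "@", "|")):
            continue
        if set(fields[0].split(",")) & set(names):
            yield fields[1], fields[2]

def key_matches(known_hosts_text, names, server_pub_line):
    """True if the server's .pub line carries a key already pinned for `names`."""
    keytype, blob = server_pub_line.split()[:2]
    return (keytype, blob) in set(pinned_keys(known_hosts_text, names))

# Constructed sample data: well-formed but fake ssh-rsa blobs (type, e, n).
def _s(data):
    return struct.pack(">I", len(data)) + data

def _fake_rsa_blob(fill):
    raw = _s(b"ssh-rsa") + _s(b"\x01\x00\x01") + _s(b"\x00" + fill * 128)
    return base64.b64encode(raw).decode()

OLD_BLOB = _fake_rsa_blob(b"\xa5")   # key the clients have pinned
NEW_BLOB = _fake_rsa_blob(b"\x5a")   # freshly generated key on a new install
NAMES = ["reports.example.com", "192.0.2.10"]
KNOWN_HOSTS = "# constructed sample\nreports.example.com,192.0.2.10 ssh-rsa " + OLD_BLOB + "\n"

if __name__ == "__main__":
    for label, blob in (("pinned key", OLD_BLOB), ("fresh key", NEW_BLOB)):
        pub_line = "ssh-rsa " + blob + " root@central"
        ok = key_matches(KNOWN_HOSTS, NAMES, pub_line)
        print(label, "matches" if ok else "MISMATCH", *fingerprints(blob))
```

Wildcard host patterns and hashed known_hosts entries are not handled; the comparison is an exact match on key type and blob.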

