Re: Replacing server without having to update host key on connecting clients?



On Fri, Jan 30, 2009 at 09:41:28AM -0500, George Horvath (Scotia Capital)
wrote:
into this. We are using RSA host keys that get dumped on the client server

What's a "client server"?

by the package install script. The new server will have the same IP address
and hostname

Then copy the host keys over from the old server to the new one.

They're typically in /etc/ssh/ssh_host_*key* or /usr/local/etc/ssh_host_*key*
(the location is configured at compile time).

Make sure the permissions are correct on the new server. You don't want
the private keys to be readable.



Relevant Pages

  • Re: Problem with SSH host keys
    ... Are you sure you want to continue connecting? ... openssh-server and openssh-client change logs ... any changes in openssh-client in jessie that would cause certain server keys ... The host keys are in known_hosts, but are the proper keys (the one you ...
    (Debian-User)
  • Re: Problem with SSH host keys
    ... openssh-server and openssh-client change logs ... any changes in openssh-client in jessie that would cause certain server keys ... The host keys are in known_hosts, but are the proper keys (the one you ... To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx ...
    (Debian-User)
  • Compiler matter
    ... I tried to compile a simple hello world C program but the compiler looked ... for the old host name. ... Cannot find the license server ... The lookup for the hostname on the SERVER line in the ...
    (comp.unix.solaris)
  • Re: Problem with SSH host keys
    ... Are you sure you want to continue connecting? ... openssh-server and openssh-client change logs ... any changes in openssh-client in jessie that would cause certain server keys ... The host keys are in known_hosts, but are the proper keys (the one you ...
    (Debian-User)
  • Re: How to configure dual SSH keys?
    ... one set of host keys. ... running on another port) to access the alternate keys. ... Use HostKey with the alternate server to point to the alternate ... and the one special client would just connect ...
    (comp.security.ssh)