Re: Replacing server without having to update host key on connecting clients?

On Fri, Jan 30, 2009 at 09:41:28AM -0500, George Horvath (Scotia Capital)
wrote:
into this. We are using RSA host keys that get dumped on the client server

What's a "client server"?

by the package install script. The new server will have the same IP address
and hostname

Then copy the host keys over from the old server to the new one.

They're typically in /etc/ssh/ssh_host_*key* or /usr/local/etc/ssh_host_*key*
(the location is configured at compile time).

Make sure the permissions are correct on the new server. You don't want
the private keys to be readable.

Relevant Pages

  • Compiler matter
    ... I tried to compile a simple hello world C program but the compiler looked ... for the old host name. ... Cannot find the license server ... The lookup for the hostname on the SERVER line in the ...
    (comp.unix.solaris)
  • Re: [9fans] yet another installation guide
    ... I finished the first draft of a cpu/auth server installation/configuration howto: ... don't invalidate the host keys after you've set them! ... refreshing cs is not required for ndb/query to work. ...
    (comp.os.plan9)
  • Re: How to configure dual SSH keys?
    ... one set of host keys. ... running on another port) to access the alternate keys. ... Use HostKey with the alternate server to point to the alternate ... and the one special client would just connect ...
    (comp.security.ssh)
  • Re: How to configure dual SSH keys?
    ... one set of host keys. ... running on another port) to access the alternate keys. ... Use HostKey with the alternate server to point to the alternate ... Root access isn't a facility of the client, ...
    (comp.security.ssh)
  • Re: Host key best practice
    ... > In a pre-installed, pre-configured server, should I leave the sshd ... > host keys as they were generated during factory install or should ... attacks is the attacker's non-possession of the private host key). ...
    (comp.security.ssh)