Re: Moving private SSH keys to new machine?

From: Barton L. Phillips (bartonphillips_at_sbcglobal.net)
Date: 03/08/05

• Next message: John Reese: "Re: Moving private SSH keys to new machine?"
• Previous message: me: "Re: Moving private SSH keys to new machine?"
• In reply to: me: "Re: Moving private SSH keys to new machine?"
• Next in thread: John Reese: "Re: Moving private SSH keys to new machine?"
• Reply: John Reese: "Re: Moving private SSH keys to new machine?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Tue, 08 Mar 2005 19:37:19 GMT

me wrote:
> John Reese wrote:
>
>> I realize now that my message was pretty vague. Apologies.
>>
>> We are bringing a new production server on-line. There are hundreds of
>> SSH
>> clients with a public key to the old machine; our goal is to move the
>> keys
>> from the old server to the new one in a manner that is acceptable to the
>> holders of the public keys.
>>
>> I have tried the crude method -- I have moved *all* the old keys to the
>> new server with the same IP as the old server -- but the clients still
>> are
>> refusing to log on, generating a man-in-the-middle warning.
>>
>> Any idea how we can get past this?
>>
>> John Reese
>>
>> On Tue, 08 Mar 2005 16:07:29 +0000, Jem Berkes wrote:
>>
>>
>>>> Can private SSH keys be moved to a different computer?
>>>
>>>
>>> Assuming you're using OpenSSH, yes. Just copy the appropriate files
>>> over (ssh_host* under etc/ssh)
This may not be acceptable but all the clients need to do is remove the
old entry from the know_hosts or know_hosts2 file. I know this is
probably not the way you want to solve the problem.

---

• Next message: John Reese: "Re: Moving private SSH keys to new machine?"
• Previous message: me: "Re: Moving private SSH keys to new machine?"
• In reply to: me: "Re: Moving private SSH keys to new machine?"
• Next in thread: John Reese: "Re: Moving private SSH keys to new machine?"
• Reply: John Reese: "Re: Moving private SSH keys to new machine?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages RE: sshd / ssh setup ... USA server and his windows/xp notebook to use SSH. ... followed sshd instruction and built ... and require users to submit keys. ... (freebsd-questions) Debian SSH server configuration ... Before you flame me --- I asked this question over in debian-ssh and after 24 hours I didn't have a single hit on it. ... I would like to configure a Debian server to only allow clients to ssh in if the public keys already reside on the hard drives of both machines. ... (Debian-User) Re: Is SSH worth it?? ... > Andre sent stuff on Expect which would solve the RSA problem but then I ... DSA keys are only supported by SSH v2. ... and even then have a problem because on the server authorized keys ... (Security-Basics) RE: Publick key authentication problem ... format to keep the encoding correct. ... Check the keys again. ... I have trouble connection to a server with ssh. ... (SSH) Re: sshd / ssh setup ... USA server and his windows/xp notebook to use SSH. ... followed sshd instruction and built ... I don't have many users so I disable ChallengeResponse authentication and require users to submit keys. ... (freebsd-questions)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.os.linux.security  > 2005-03