Re: Moving private SSH keys to new machine?

From: General Schvantzkoph (schvantzkoph_at_yahoo.com)
Date: 03/09/05


Date: Tue, 08 Mar 2005 19:08:46 -0500

On Tue, 08 Mar 2005 12:14:41 -0600, John Reese wrote:

> I realize now that my message was pretty vague. Apologies.
>
> We are bringing a new production server on-line. There are hundreds of SSH
> clients with a public key to the old machine; our goal is to move the keys
> from the old server to the new one in a manner that is acceptable to the
> holders of the public keys.
>
> I have tried the crude method -- I have moved *all* the old keys to the
> new server with the same IP as the old server -- but the clients still are
> refusing to log on, generating a man-in-the-middle warning.
>
> Any idea how we can get past this?
>
> John Reese
>
> On Tue, 08 Mar 2005 16:07:29 +0000, Jem Berkes wrote:
>
>>> Can private SSH keys be moved to a different computer?
>>
>> Assuming you're using OpenSSH, yes. Just copy the appropriate files over
>> (ssh_host* under etc/ssh)

All you have to do is copy over the authorized_keys file. I use a central
file under /etc/ssh/authorized_keys which I copy to all of my machines. If
you are using per user files under ~/.ssh/ then you will have to copy the
files in to ~/.ssh/ on the new machine. Either way it's easy.



Relevant Pages

  • Re: Moving private SSH keys to new machine?
    ... We are bringing a new production server on-line. ... There are hundreds of SSH ... clients with a public key to the old machine; our goal is to move the keys ...
    (comp.os.linux.security)
  • Explanation of SSH
    ... I am still unclear on how SSH works exactly. ... Client issues SSH command and names server ... "Shopper" says "server sends back its public host and server keys ... Surely there is only one public key it sends ...
    (comp.security.ssh)
  • SSH with Public Key Authentication (Was: Re: Attention: Giorgos Keramidas (Was: CVS Import Permissio
    ... I know that the setting of CVSUMASK on the server machine> works if you use SSH tunneling though. ... I have tried using SSH in the past, and got stuck setting up the public key login. ... In order to use cvs with ssh, we must use public key authentication. ...
    (freebsd-questions)
  • Re: ssh
    ... ssh can use DSA or RSA keys for authentication. ... public key can decrypt. ... is significantly smaller than that for ssh RSA/DSA keypairs. ... host to capture the key (either an unprotected key or a capture of your ...
    (Vuln-Dev)
  • RE: TIPS FOR THE NEWCOMER
    ... using your old private key, so there's no point in keeping a backup. ... > security risk if I send this through e-mail as an attachment to the ssh ... > has been compromised it does not really matter since it is a public key ... > more words for the passphrase it gets harder to crack? ...
    (SSH)