Re: Problem with using same dsa hostkeys on 2 different machines, one of which is backup

From: Kapil (kapiltj_at_yahoo.com)
Date: 03/26/04


Date: 26 Mar 2004 10:19:03 -0800

Hi,

Thanks for the reply.
I was indeed copying the keys as mentioned. However, I was
programmatically making sshd reread the new keys after copying them,
and that was not being done correctly. Now this works, so the problem
is solved.

Thanks
Kapil

dtucker@dodgy.net.au (Darren Tucker) wrote in message news:<c40gbn$v9t$1@gate.dodgy.net.au>...
> In article <a9de1686.0403252047.69c4887@posting.google.com>,
> Kapil <kapiltj@yahoo.com> wrote:
> >I generate the host dsa key pair on one computer. Then I copy the
> >public and private keys to another computer which is to serve as a
> >backup to this one. So it will have the same ip address and domain
> >name if the active one goes down.
> >When I connect to the active from a client computer, it gives no error
> >since the host keys are known.
> >
> >Now after rebooting the active, the backup takes over. Now when trying
> >to ssh to it I get the unknown host key error. When removing the known
> >host key and trying again the client box gets the new public key which
> >is very different than what is stored on the backup computer (which is
> >essentially the same as the one on active). Could someone please let
> >me know why this is happening?
> >How is the client getting a different key? Can it even know it is
> >different hardware that it is talking to?
>
> When sshd is installed on each system, a set of "host keys" is generated, and the host
> keys are different between your main system and your backup system. When
> you connect to the backup server, your SSH client notices that the keys
> have changed and gives that error.
>
> The easiest way to resolve it is to copy the host keys from your primary
> system to the backup (for OpenSSH these are /usr/local/etc/ssh*key*).
>
> >P.S. Please try and cc me.
>
> If you ask here then read it here.
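
The failure in this thread (host key files copied to the backup, but the running sshd still presenting its old key) can be caught by comparing the fingerprint of the key on disk with the key the daemon serves. The following is an added example, not code from the thread: it assumes the served key is available as text in `ssh-keyscan` output form, and the host name `backup.example.test` and all key material are constructed for the demo.

```python
import base64
import hashlib
import struct

KEY_TYPES = {"ssh-dss", "ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256"}

def ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used inside SSH public key blobs."""
    return struct.pack(">I", len(data)) + data

def parse_key(line: str):
    """Return (type, blob) from a .pub line or an ssh-keyscan line (host first)."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:
            blob = base64.b64decode(fields[i + 1], validate=True)
            if not blob.startswith(ssh_string(field.encode())):
                raise ValueError("key type does not match key blob")
            return field, blob
    raise ValueError("no public key in line: %r" % line)

def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the form current OpenSSH prints."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_served_key(pub_line: str, keyscan_output: str) -> dict:
    """Compare the host key on disk with the key the running sshd presents."""
    ktype, disk_blob = parse_key(pub_line)
    disk, served = fingerprint(disk_blob), None
    for line in keyscan_output.splitlines():
        if line.strip() and not line.startswith("#"):
            served_type, served_blob = parse_key(line)
            if served_type == ktype:
                served = fingerprint(served_blob)
    status = "not-offered" if served is None else ("match" if served == disk else "mismatch")
    return {"type": ktype, "disk": disk, "served": served, "status": status}

def sample_line(seed: bytes, prefix: str = "") -> str:
    """Constructed ssh-dss-shaped line (not a valid DSA key), for the demo only."""
    ints = [hashlib.sha256(seed + bytes([i])).digest() for i in range(4)]
    blob = ssh_string(b"ssh-dss") + b"".join(ssh_string(b"\x00" + n) for n in ints)
    return prefix + "ssh-dss " + base64.b64encode(blob).decode()

if __name__ == "__main__":
    on_disk = sample_line(b"primary") + " root@primary"  # copied .pub file
    print(check_served_key(on_disk, sample_line(b"backup-original", "backup.example.test ")))
    print(check_served_key(on_disk, sample_line(b"primary", "backup.example.test ")))
```

A `mismatch` result right after the key files were copied means the daemon has not reread them yet; `match` means clients that already trust the primary will accept the backup without a host key warning.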


