Re: Problem with using same dsa hostkeys on 2 different machines, one of which is backup
From: Kapil (kapiltj_at_yahoo.com)
Date: 26 Mar 2004 10:19:03 -0800
Thanks for the reply.
I was indeed copying the keys as mentioned. However I was
programmatically making sshd reread the new keys after copying them,
and that was not being done correctly. Now this works so the problem
email@example.com (Darren Tucker) wrote in message news:<firstname.lastname@example.org>...
> In article <email@example.com>,
> Kapil <firstname.lastname@example.org> wrote:
> >I generate the host dsa key pair on one computer. Then I copy the
> >public and private keys to another computer which is to serve as a
> >backup to this one. So it will have the same ip address and domain
> >name if the active one goes down.
> >When I connect to the active from a client computer, it gives no error
> >since the host keys are known.
> >Now after rebooting the active, the backup takes over. Now when trying
> >to ssh to it I get the unknown host key error. When removing the known
> >host key and trying again the client box gets the new public key which
> >is very different than what is stored on the backup computer (which is
> >essentially the same as the one on active). Could someone please let
> >me know why this is happening?
> >How is the client getting a different key? Can it even know it is a
> >different hardware that it is talking to?
> When sshd is installed on each system, a set of "host keys" is generated, and the host
> keys are different between your main system and your backup system. When
> you connect to the backup server, your SSH client notices that the keys
> have changed and gives that error.
> The easiest way to resolve it is to copy the host keys from your primary
> system to the backup (for OpenSSH these are /usr/local/etc/ssh*key*).
> >P.S. Please try and cc me.
> If you ask here then read it here.
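
An added example, not part of the original thread: one way to check that a backup's sshd is actually presenting the host key that was copied to it, rather than one it loaded earlier. It compares the fingerprint of a `.pub` file line with a line in `ssh-keyscan` output format, using the SHA256 fingerprint form printed by current OpenSSH; the host name `server.example` and the key blobs are constructed placeholders, not real DSA keys.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (4-byte length prefix)."""
    return struct.pack(">I", len(data)) + data

def parse_key_line(line: str):
    """Return (key_type, blob) from a .pub file line or an ssh-keyscan line."""
    fields = line.split()
    for i in range(len(fields) - 1):
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
        except ValueError:
            continue  # next field is not base64, so this is not the key type
        # A genuine key blob starts with its own type as an SSH string.
        if blob.startswith(ssh_string(fields[i].encode())):
            return fields[i], blob
    raise ValueError("no public key found in line")

def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the form printed by ssh-keygen -l."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def serves_copied_key(pub_file_line: str, keyscan_line: str) -> bool:
    """True when the key sshd presents is the key that was copied to disk."""
    on_disk = fingerprint(parse_key_line(pub_file_line)[1])
    served = fingerprint(parse_key_line(keyscan_line)[1])
    return on_disk == served

# Constructed sample data: placeholder blobs, not real DSA keys.
def _sample(key_type: str, body: bytes) -> str:
    blob = ssh_string(key_type.encode()) + ssh_string(body)
    return base64.b64encode(blob).decode()

COPIED = _sample("ssh-dss", b"key generated on the active machine")
STALE = _sample("ssh-dss", b"key sshd loaded before the copy")

PUB_FILE = f"ssh-dss {COPIED} root@active"      # ssh_host_dsa_key.pub on the backup
SCAN_STALE = f"server.example ssh-dss {STALE}"  # sshd still holding the old key
SCAN_FRESH = f"server.example ssh-dss {COPIED}" # after sshd reread the keys

if __name__ == "__main__":
    for label, scan in (("before reload", SCAN_STALE), ("after reload", SCAN_FRESH)):
        state = "match" if serves_copied_key(PUB_FILE, scan) else "MISMATCH"
        print(label, fingerprint(parse_key_line(scan)[1]), state)
```

A mismatch while the files on disk are identical on both machines points at a running sshd that has not reloaded its host keys.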