Re: Problem with using same dsa hostkeys on 2 different machines, one of which is backup
From: Kapil (kapiltj_at_yahoo.com)
Date: 03/26/04
- Next message: Jacob Nevins: "Re: Using PuTTY/Plink port forwarding to run ftp client on Windows"
- Previous message: Sensei: "Re: SSH scripting"
- In reply to: Darren Tucker: "Re: Problem with using same dsa hostkeys on 2 different machines, one of which is backup"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 26 Mar 2004 10:19:03 -0800
Hi,
Thanks for the reply.
I was indeed copying the keys as mentioned. However I was
programmatically making sshd reread the new keys after copying them,
and that was not being done correctly. Now this works so the problem
is solved.
Thanks
Kapil
dtucker@dodgy.net.au (Darren Tucker) wrote in message news:<c40gbn$v9t$1@gate.dodgy.net.au>...
> In article <a9de1686.0403252047.69c4887@posting.google.com>,
> Kapil <kapiltj@yahoo.com> wrote:
> >I generate the host dsa key pair on one computer. Then I copy the
> >public and private keys to another computer which is to serve as a
> >backup to this one. So it will have the same ip address and domain
> >name if the active one goes down.
> >When I connect to the active from a client computer, it gives no error
> >since the host keys are known.
> >
> >Now after rebooting the active, the backup takes over. Now when trying
> >to ssh to it I get the unknown host key error. When removing the known
> >host key and trying again the client box gets the new public key which
> >is very different than what is stored on the backup computer (which is
> >essentially the same as the one on active). Could someone please let
> >me know why this is happening?
> >How is the client getting a different key? Can it even know it is a
> >different hardware that it is talking to?
>
> When sshd is installed on each system, a set of "host keys" is generated, and the host
> keys are different between your main system and your backup system. When
> you connect to the backup server, your SSH client notices that the keys
> have changed and gives that error.
>
> The easiest way to resolve it is to copy the host keys from your primary
> system to the backup (for OpenSSH these are /usr/local/etc/ssh*key*).
>
> >P.S. Please try and cc me.
>
> If you ask here then read it here.
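
The failure resolved in this thread (keys copied to the backup, but sshd still serving the old key until it rereads them) can be checked by comparing the copied `.pub` file with the key the server actually offers. The following is an added example, not code from either poster or from OpenSSH: the function names are hypothetical, the key blobs are constructed placeholders rather than real DSA keys, the offered-key lines are assumed to be in `host type base64` form as printed by `ssh-keyscan`, and fingerprints use the SHA256 form that current `ssh-keygen -l` prints.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """SSH wire encoding: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def parse_key_line(line: str):
    """Return (key_type, blob) from a *.pub line or a 'host type base64' line."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field.startswith(("ssh-", "ecdsa-")):
            blob = base64.b64decode(fields[i + 1], validate=True)
            if len(blob) < 4:
                raise ValueError("key blob too short")
            (n,) = struct.unpack(">I", blob[:4])
            # The blob carries its own type name; it must agree with the text field.
            if blob[4:4 + n].decode() != field:
                raise ValueError("key type does not match key blob")
            return field, blob
    raise ValueError("no public key found in line")

def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the unpadded-base64 form ssh-keygen -l prints."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).rstrip(b"=").decode()

def served_key_matches(pub_file_line: str, offered_line: str) -> bool:
    """True if the key sshd offers is the one stored in the copied .pub file."""
    disk_type, disk_blob = parse_key_line(pub_file_line)
    wire_type, wire_blob = parse_key_line(offered_line)
    return disk_type == wire_type and fingerprint(disk_blob) == fingerprint(wire_blob)

def b64(blob: bytes) -> str:
    return base64.b64encode(blob).decode()

# Constructed sample blobs (not real DSA keys), for illustration only.
COPIED = ssh_string(b"ssh-dss") + b"constructed key copied from primary"
STALE = ssh_string(b"ssh-dss") + b"constructed key from backup install"
PUB_FILE = f"ssh-dss {b64(COPIED)} root@primary"
OFFERED_BEFORE_RELOAD = f"server.example.com ssh-dss {b64(STALE)}"
OFFERED_AFTER_RELOAD = f"server.example.com ssh-dss {b64(COPIED)}"

if __name__ == "__main__":
    for label, line in (("before reload", OFFERED_BEFORE_RELOAD),
                        ("after reload", OFFERED_AFTER_RELOAD)):
        print(label, fingerprint(parse_key_line(line)[1]),
              "match" if served_key_matches(PUB_FILE, line) else "MISMATCH")
```

A mismatch while the files on disk are identical on both machines points at the running sshd not having reloaded its host keys, which is the situation the original poster describes.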