[wellylug] ssh key

Ewen McNeill wellylug at ewen.mcneill.gen.nz
Wed Oct 6 15:15:05 NZDT 2004


In message <NEEMLOKBKIAIGNICALNCCEJOCMAA.mark at databackup.co.nz>, Mark Signal writes:
>I have to shift some public key/private key ssh connections from a Red Hat
>box to a Debian box.  [....]
>It's no problem to shift the ~/ssh/authorized_keys over but I'm stuck
>with the host id key. I've tried copying the key files in /etc/ssh/ from the
>old server to the new server but the connecting PCs still whinge about a
>changed (rsa) key fingerprint. What am I missing?

To point out the really obvious: you have restarted the ssh daemon,
right?  (It caches the host keys in memory.)

I've replaced ssh servers with other machines plenty of times, and the
process of:
- copy over the home directories (or at least ~/.ssh/) 
- copy over the ssh server config and host keys (/etc/ssh/*)
- move over the IP address
- restart sshd on the new server

makes for "user invisible" changeovers (well, except for the users who
were connected at the time).

If you don't move the IP address (and, e.g., change the DNS instead)
expect the user to get a warning that the host key is not cached for
that IP address -- providing it is already cached for the name they used
on the ssh command line, it's just a warning that it's being added to
known_hosts and requires no user intervention.

Ewen
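
A way to check the changeover steps listed in the message above, as an added example that is not part of the original post: compare_hostkeys confirms that the copied /etc/ssh host public keys match the old server's, and daemon_serves_key reads saved ssh-keyscan output to confirm the running sshd presents the copied key rather than one loaded before the restart. The function names and file arguments are assumptions for illustration.

```sh
#!/bin/sh
# Added example: verify an SSH host key migration before and after the
# sshd restart. Function names and arguments are illustrative assumptions.

# Print "<type> <base64>" for the key in a .pub file ("<type> <base64> [comment]").
pub_key() { awk 'NF >= 2 && $1 !~ /^#/ { print $1, $2; exit }' "$1"; }

# compare_hostkeys OLD_DIR NEW_DIR
# Returns 0 when every ssh_host_*_key.pub in OLD_DIR (a copy of the old
# server's /etc/ssh) has an identical counterpart in NEW_DIR, 1 otherwise.
compare_hostkeys() {
    old_dir=$1 new_dir=$2 rc=0
    for old in "$old_dir"/ssh_host_*_key.pub; do
        [ -e "$old" ] || { echo "no host keys found in $old_dir"; return 2; }
        name=${old##*/}
        if [ ! -f "$new_dir/$name" ]; then
            echo "MISSING $name"; rc=1
        elif [ "$(pub_key "$old")" != "$(pub_key "$new_dir/$name")" ]; then
            echo "MISMATCH $name"; rc=1
        else
            echo "OK $name"
        fi
    done
    return "$rc"
}

# daemon_serves_key PUB_FILE KEYSCAN_FILE
# KEYSCAN_FILE holds saved `ssh-keyscan <host>` output, one
# "<host> <type> <base64>" line per key. Returns 0 if the running daemon
# presents the key in PUB_FILE; 1 means it is still serving another key,
# for example because sshd has not been restarted since the copy.
daemon_serves_key() {
    want=$(pub_key "$1")
    awk -v want="$want" '
        $1 !~ /^#/ && ($2 " " $3) == want { found = 1 }
        END { exit !found }' "$2"
}
```

A MISMATCH from compare_hostkeys points at the copy step; a failure from daemon_serves_key with matching files on disk points at the restart step.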



