[wellylug] ssh key

Mark Signal mark at databackup.co.nz
Wed Oct 6 15:34:22 NZDT 2004


I deeply resent you pointing out the really obvious.....

er .. even if that's exactly what was wrong :)

one ssh restart and all is now working ok....

so all you need to copy are the /etc/ssh/ssh_host_rsa_key and
ssh_host_rsa_key.pub

many thanks guys for your help

cheers

Mark Signal






-----Original Message-----
From: wellylug-admin at lists.wellylug.org.nz
[mailto:wellylug-admin at lists.wellylug.org.nz]On Behalf Of Ewen McNeill
Sent: Wednesday, 6 October 2004 3:15 p.m.
To: wellylug at lists.wellylug.org.nz
Subject: Re: [wellylug] ssh key


In message <NEEMLOKBKIAIGNICALNCCEJOCMAA.mark at databackup.co.nz>, Mark Signal
writes:
>I have to shift some public key/private key ssh connections from a redhat
>box to a debian box.  [....]
>It's no problem to shift over the ~/ssh/authorized_keys over but I'm stuck
>with the host id key. I've tried copying the key files in /etc/ssh/ from the
>old server to the new server but the connecting pc's still whinge about a
>changed (rsa) key fingerprint. What am I missing?

To point out the really obvious: you have restarted the ssh daemon,
right?  (It caches the host keys in memory.)

I've replaced ssh servers with other machines plenty of times, and the
process of:
- copy over the home directories (or at least ~/.ssh/)
- copy over the ssh server config and host keys (/etc/ssh/*)
- move over the IP address
- restart sshd on the new server

makes for "user invisible" changeovers (well except for the users that
were connected at the time).

If you don't move the IP address (and, eg, change the DNS instead)
expect the user to get a warning that the host key is not cached for
that IP address -- providing it is already cached for the name they used
on the ssh command line, it's just a warning that it's being added to
known_hosts and requires no user intervention.

Ewen
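
A check for the three outcomes described in this thread, as an added example that is not part of the original messages: given the contents of the new server's /etc/ssh/ssh_host_rsa_key.pub and a client's known_hosts, it reports for each name or IP whether the cached key matches, has changed, or is not cached yet. The function names, host names, IP addresses and key blobs are constructed for illustration.

```python
import base64, hashlib, struct

def ssh_string(data: bytes) -> bytes:
    """Length-prefixed field as used inside an SSH public key blob."""
    return struct.pack(">I", len(data)) + data

def make_sample_pubkey(seed: bytes) -> str:
    """Constructed, well-formed ssh-rsa line for the demo (not a usable key)."""
    modulus = b"\x00\xc3" + hashlib.sha512(seed).digest() * 4
    blob = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " root@sample"

def fingerprints(pub_line: str):
    """(MD5 colon-hex, SHA256 base64) fingerprints of a 'type base64 [comment]' line."""
    blob = base64.b64decode(pub_line.split()[1])
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return ":".join(md5[i:i + 2] for i in range(0, 32, 2)), "SHA256:" + sha

def check_known_hosts(known_hosts_text: str, names, server_pub_line: str):
    """Per name or IP a client connects to: 'match', 'CHANGED' or 'not cached'."""
    ktype, kblob = server_pub_line.split()[:2]
    result = {name: "not cached" for name in names}
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or line.startswith(("#", "@", "|")):
            continue  # comments, @markers and hashed host entries are skipped
        hosts, etype, eblob = fields[:3]
        for name in set(hosts.split(",")) & set(names):
            if etype == ktype and result[name] != "match":
                result[name] = "match" if eblob == kblob else "CHANGED"
    return result

# Constructed sample data: the old server's key as cached by a client,
# and the key a fresh install would have generated on the new box.
OLD_KEY = make_sample_pubkey(b"old redhat box")
FRESH_KEY = make_sample_pubkey(b"new debian box")
KNOWN_HOSTS = "shell.example.org,192.0.2.10 " + " ".join(OLD_KEY.split()[:2]) + "\n"
NAMES = ["shell.example.org", "192.0.2.20"]  # same name, new IP (DNS change)

def demo():
    return (check_known_hosts(KNOWN_HOSTS, NAMES, OLD_KEY),
            check_known_hosts(KNOWN_HOSTS, NAMES, FRESH_KEY))

if __name__ == "__main__":
    print(fingerprints(OLD_KEY))
    for outcome in demo():
        print(outcome)
```

"match" is the user-invisible changeover, "CHANGED" is what produces the changed-fingerprint complaint, and "not cached" is the warning-only case for a new IP address.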





