[wellylug] ssh key
Mark Signal
mark at databackup.co.nz
Wed Oct 6 15:34:22 NZDT 2004
I deeply resent you pointing out the really obvious.....
er .. even if that's exactly what was wrong :)
one ssh restart and all is now working ok....
so all you need to copy are the /etc/ssh/ ssh_host_rsa_key and
ssh_host_rsa_key.pub
many thanks guys for your help
cheers
Mark Signal
-----Original Message-----
From: wellylug-admin at lists.wellylug.org.nz
[mailto:wellylug-admin at lists.wellylug.org.nz]On Behalf Of Ewen McNeill
Sent: Wednesday, 6 October 2004 3:15 p.m.
To: wellylug at lists.wellylug.org.nz
Subject: Re: [wellylug] ssh key
In message <NEEMLOKBKIAIGNICALNCCEJOCMAA.mark at databackup.co.nz>, Mark Signal
writes:
>I have to shift some public key/private key ssh connections from a redhat
>box to a debian box. [....]
>It's no problem to shift over the ~/ssh/authorized_keys over but I'm stuck
>with the host id key. I've tried copying the key files in /etc/ssh/ from
the
>old server to the new server but the connecting pc's still whinge about a
>changed (rsa) key fingerprint. What am I missing?
To point out the really obvious: you have restarted the ssh daemon,
right? (It caches the host keys in memory.)
I've replaced ssh servers with other machines plenty of times, and the
process of:
- copy over the home directories (or at least ~/.ssh/)
- copy over the ssh server config and host keys (/etc/ssh/*)
- move over the IP address
- restart sshd on the new server
makes for "user invisible" changeovers (well except for the users that
were connected at the time).
If you don't move the IP address (and, eg, change the DNS instead)
expect the user to get a warning that the host key is not cached for
that IP address -- providing it is already cached for the name they used
on the ssh command line, it's just a warning that it's being added to
known_hosts and requires no user intervention.
Ewen
--
Wellington Linux Users Group Mailing List: wellylug at lists.wellylug.org.nz
To Leave: http://lists.wellylug.org.nz/mailman/listinfo/wellylug
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.772 / Virus Database: 519 - Release Date: 1/10/2004
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.772 / Virus Database: 519 - Release Date: 1/10/2004
More information about the wellylug
mailing list