Re: openSSH - new keys ?
If you have the updates on the computers, there is no need to create the keys on one computer and carry them around. Actually, since you just issue the commands and the keys NEVER cross the line, you can even generate them remotely from your computer via the old ssh keys. Even if someone is listening in they cannot see the keys, as they are NEVER sent.
Also, the keys are used to identify the server. They are afaik NOT used for handling the encryption (async encryption is way too slow for a regular transmission protocol). So your data will still be protected. That is, if I understood the whole concept right. If I am wrong, correct me.
So, what you need to do is go into the /etc/ssh folder and remove all files that are named ssh_host_*
Option 1.) create the keys manually with these commands
sudo ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
sudo ssh-keygen -b 2048 -t rsa -f /etc/ssh/ssh_host_rsa_key
and then restart your openssh-server with
sudo /etc/init.d/ssh restart
Option 2.) run this command which will do all the above by itself.
sudo dpkg-reconfigure openssh-server
voila, there are your new keys. Just make sure you delete the old keys from your own known_hosts, or you won't be able to log in again.
BTW, while you regenerate and restart the ssh server, the current console stays open even if you restart the ssh server. So make sure you can login again before you close the last console to the server. If you close that one and cannot log in - happy walking to the server itself.
hope it helps.
Last edited by SpaceTeddy; May 17th, 2008 at 01:06 AM.
Calvin: I'm being educated against my will! My rights are being trampled!
Hobbes: Is it a right to remain ignorant?
Calvin: I don't know, but I refuse to find out!
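Added example, not part of SpaceTeddy's post: the post says to delete the old keys from your own known_hosts after regenerating the host keys. This Python sketch finds which known_hosts lines are stale for a host, including hashed host names (`|1|salt|hash`), and prints the new key's fingerprint so it can be compared with the one shown on the server console. The host names, salt and key blobs are constructed sample data, and the function names are this example's own.

```python
import base64, hashlib, hmac, struct

def sha256_fingerprint(b64_blob):
    """Fingerprint in the form `ssh-keygen -l` prints for a public key."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(pattern, host):
    """Match a known_hosts host field: plain list or hashed |1|salt|hash."""
    if pattern.startswith("|1|"):
        _, _, salt, digest = pattern.split("|")
        mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1)
        return hmac.compare_digest(mac.digest(), base64.b64decode(digest))
    return host in pattern.split(",")

def stale_entries(known_hosts_text, host, new_pub_line):
    """Line numbers of entries for `host` whose key differs from the new one."""
    new_type, new_blob = new_pub_line.split()[:2]
    stale = []
    for n, line in enumerate(known_hosts_text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue  # skip comments, blanks and @marker lines
        pattern, ktype, blob = fields[:3]
        if host_matches(pattern, host) and ktype == new_type and blob != new_blob:
            stale.append(n)
    return stale

# --- constructed sample data (not real keys or hosts) ---
def _blob(modulus):
    s = lambda b: struct.pack(">I", len(b)) + b
    return base64.b64encode(s(b"ssh-rsa") + s(b"\x01\x00\x01") + s(modulus)).decode()

OLD, NEW = _blob(b"\x00" + b"\xaa" * 8), _blob(b"\x00" + b"\xbb" * 8)
SALT = b"constructed-salt-000"
HASHED = "|1|%s|%s" % (
    base64.b64encode(SALT).decode(),
    base64.b64encode(hmac.new(SALT, b"server.example", hashlib.sha1).digest()).decode())
KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts",
    "server.example,192.0.2.10 ssh-rsa " + OLD,
    HASHED + " ssh-rsa " + OLD,
    "other.example ssh-rsa " + OLD,
    "server.example ssh-rsa " + NEW,
])

if __name__ == "__main__":
    print("new key:", sha256_fingerprint(NEW))
    print("stale lines:", stale_entries(KNOWN_HOSTS, "server.example", "ssh-rsa " + NEW))
```

Once the stale lines are confirmed, `ssh-keygen -R hostname` removes the entries for that host from known_hosts.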