Thursday, March 6, 2014

duplicate host ssh keys

cd /etc/ssh

# ls -l
total 164
-rw-------. 1 root root 125811 Apr  4  2011 moduli
-rw-r--r--. 1 root root   2047 Apr  4  2011 ssh_config
-rw-------  1 root root   3503 Jan 17 15:54 sshd_config
-rw-------  1 root root   3321 Dec  6  2012 sshd_config_03202013
-rw-------. 1 root root   3872 Jun 13  2012 sshd_config.orig
-rw-------. 1 root root    668 Jun 13  2012 ssh_host_dsa_key
-rw-r--r--. 1 root root    590 Jun 13  2012 ssh_host_dsa_key.pub
-rw-------. 1 root root    963 Jun 13  2012 ssh_host_key
-rw-r--r--. 1 root root    627 Jun 13  2012 ssh_host_key.pub
-rw-------. 1 root root   1671 Jun 13  2012 ssh_host_rsa_key
-rw-r--r--. 1 root root    382 Jun 13  2012 ssh_host_rsa_key.pub

# move the old keys out of sshd's way (the files keep their 0600 mode, but /tmp is
# cleared on reboot on many systems, so copy them somewhere durable if you may need to roll back)
mv ssh_host* /tmp

# -N '' gives the new keys an empty passphrase: sshd cannot load a passphrase-protected
# host key, and without -N ssh-keygen stops to prompt for one.
# rsa1 is the protocol-1 key; it is only needed if sshd_config still has "Protocol 1".
ssh-keygen -t rsa1 -N '' -f /etc/ssh/ssh_host_key
ssh-keygen -t rsa -N '' -f /etc/ssh/ssh_host_rsa_key
ssh-keygen -t dsa -N '' -f /etc/ssh/ssh_host_dsa_key

service sshd restart

It is best practice, for security's sake, for every server to have a unique SSH host key. Servers built from the same image or template often come up with identical keys, and a shared host private key lets anyone who holds it (or who has compromised any one of the clones) impersonate every other server that uses it, which defeats the known_hosts check that is supposed to catch exactly that kind of man-in-the-middle.

Just a reminder that this will break any existing SSH-based jobs (scp, rsync, cron) you may have set up for users: their known_hosts entry for this server no longer matches the new key, so ssh refuses to connect until the stale entry is removed (ssh-keygen -R hostname) and the new fingerprint is accepted.
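As an added example (not the post's own code), here is a small POSIX shell script for the two halves of this job: finding which hosts present the same host key in ssh-keyscan style output, which is how you discover the duplicates in the first place, and wrapping the regeneration steps above with a dated backup and an empty passphrase. The keyscan sample lines are constructed and are not real keys; regen_hostkeys only runs when the script is invoked with the argument regen, needs root and ssh-keygen, and assumes the RHEL-style "service sshd restart" the post uses.

```shell
#!/bin/sh
# Added example, not from the original post. Two helpers:
#   dup_hostkeys   - find hosts that present identical SSH host keys
#   regen_hostkeys - the post's regeneration steps, with a backup and -N ''
# Assumes POSIX sh, awk and sort. The sample keyscan output below is
# constructed (not real keys) so the detection part runs offline.

# Constructed sample in the format `ssh-keyscan -t rsa host...` prints:
#   "<host> <keytype> <base64 key>", one line per host.
# web01/web02/web03 share a key (cloned image); db01 and db02 are unique.
KEYSCAN_SAMPLE='web01 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAexampleKeyOne
web02 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAexampleKeyOne
web03 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAexampleKeyOne
db01 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAexampleKeyTwo
db02 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAexampleKeyThree'

# dup_hostkeys: read keyscan lines on stdin and print one line per key that
# appears on more than one host, as a comma-separated list of those hosts.
# Keys are compared on type + key material, so two hosts only match when
# they really hold the same private key.
dup_hostkeys() {
    awk '
        /^#/ || NF < 3 { next }            # skip comments and malformed lines
        {
            key = $2 " " $3                # key type + base64 key material
            if (key in hosts) hosts[key] = hosts[key] "," $1
            else hosts[key] = $1
        }
        END {
            for (k in hosts)
                if (index(hosts[k], ",")) print hosts[k]
        }
    ' | sort
}

# regen_hostkeys DIR: the procedure from the post, hardened a little.
# Old keys go into a dated 0700 directory instead of /tmp, and -N '' gives
# the new keys an empty passphrase (sshd cannot use a passphrase-protected
# host key). Needs root and ssh-keygen.
regen_hostkeys() {
    dir=${1:-/etc/ssh}
    backup="$dir/hostkeys.bak.$(date +%Y%m%d%H%M%S)"
    command -v ssh-keygen >/dev/null 2>&1 || { echo "ssh-keygen not found" >&2; return 1; }
    mkdir -m 0700 "$backup" || return 1
    mv "$dir"/ssh_host_* "$backup"/ 2>/dev/null
    ssh-keygen -q -t rsa -b 2048 -N '' -f "$dir/ssh_host_rsa_key" || return 1
    ssh-keygen -q -t dsa -N '' -f "$dir/ssh_host_dsa_key" || return 1
    # Protocol-1 key, only if sshd_config still has "Protocol 1":
    # ssh-keygen -q -t rsa1 -N '' -f "$dir/ssh_host_key"
    chmod 0600 "$dir"/ssh_host_*_key && chmod 0644 "$dir"/ssh_host_*_key.pub
    # print the new fingerprint so users can verify it when known_hosts complains
    ssh-keygen -lf "$dir/ssh_host_rsa_key.pub"
    # same restart the post does (systemctl restart sshd on systemd hosts)
    service sshd restart
}

case "${1:-}" in
    regen) regen_hostkeys "${2:-/etc/ssh}" ;;
    *)     printf '%s\n' "$KEYSCAN_SAMPLE" | dup_hostkeys ;;   # prints: web01,web02,web03
esac
```

Feed dup_hostkeys real data with something like "ssh-keyscan -t rsa host1 host2 host3 2>/dev/null | dup_hostkeys"; every line it prints is a set of servers that need the regeneration step, and any server in that set whose old key was in your users' known_hosts will trigger the mismatch warning described above once its key is replaced.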
