post-reload SSH server key transfer ... comments ?
Brooks Davis
brooks at freebsd.org
Tue Feb 6 03:55:04 UTC 2007
On Mon, Feb 05, 2007 at 05:51:38PM -0800, Arone Silimantia wrote:
>
> I am going to be replacing system X with system Y (which is much
> faster, newer).
>
> I will load up the new system from scratch, and then just copy over
> the user data from the old system. Then I will turn off the old
> system for good, and set the IP and hostname of the new system to
> match the old one.
>
> Easy. Except everyones ssh connections will complain loudly about
> potential MITM attacks, etc. ...
>
> So, am I correct that I can just tar up /etc/ssh on the old system and
> use it to overwrite /etc/ssh on the new system, and that's that ? No
> warning message or other problems ?
Yes. Actually, the files you need are "/etc/ssh/*_key /etc/ssh/*_key.pub".
The others may contain settings you want to move, but don't effect the
machine's ssh identity.
> ALSO, am I correct that if I copy over their home directories that
> contain their ~/.ssh/authorized_keys that those will continue to work
> just fine even though they are on a new server ?
Yes, they contain no knowledge of the server they are on.
-- Brooks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20070206/9396a2ec/attachment.pgp
More information about the freebsd-security
mailing list