ssh configuration
Hi,
After changing the host name of a Solaris 9 server, I found that the files /etc/ssh/ssh_host_rsa_key.pub and /etc/ssh/ssh_host_dsa_key.pub still contain the old host name. I believe they should contain the new host name instead of the old one. How do I go about making the changes in the correct way?
Thanks in advance.
By leongyca at 2007-11-26 23:57:11

# 1
There are no hostnames stored in SSH keys. There is often a comment in the public key that is there so you know where it was created. However it's just a comment after the actual key. You can change it if you want, or leave it alone. Nothing is reading it except you.
# 2
I did not check what the other reply says (I assume it is correct), but it would surprise me if changing the host name automatically changed any reference in ssh keys, as they are generated (and can be generated manually, in case). It's just as if changing the host name changed every occurrence of the old name in any text file, and that does not sound quite right, so try generating new keys and you should have those with the new host name in place.
Max_a at 2007-7-11 15:43:44

# 3
If you generate a new key, you will have to update the "authorized_keys" file that has that key in it.
Changing a hostname can involve a lot of work when using a network of computers "linked" through ssh. The "known_hosts" file in ~user/.ssh uses either the hostname or the IP address to find the public encryption key to work with when communicating with a remote host. So, if you change the name of a host, then any user on an external host who wants to connect to the new hostname will get prompted about the host's identity, and have to answer "yes" or "no". When they answer "yes", a new entry is made in the known_hosts file and the old obsolete one just sits there.
If the key was not changed, then you have duplicate keys, with different names. Do you care?
If you wanted to, you could edit the file to change the name, or edit the file to remove the old key.
This effort will be the same whether you generated a new key for the host whose name changed or not. If you edited its public key to change the name, you would still have the same effort on the remote computers that attempt to use ssh to connect to this one.
Since it is easy to make editing errors, I recommend that you regen the key under the new name, print a copy of the key, then remove the old public key wherever you know it to exist in the known_hosts files, and then ssh to the renamed server, check that the displayed identification and public key information matches your new key and then answer "yes" or "no" as appropriate. This way you can minimize your errors, and possibly catch a sneak.
# 4
> I did not check what the other reply says (assume is correct)
> but that would surprise me that changing the host name would
> automatically change any reference in ssh keys, as they
> are generated (and can be generated manually, in case).
They are not automatically changed, and there is no need to change them if you don't want to.
> it's just as if changing the host name every occurrence of the
> old name in any text file is changed, and that does not sound
> quite right, so try generating new keys and you should have
> those with the new host name in place.
You don't need to generate new keys. I mean, you can generate new keys whenever you want to, but I don't see how it would help you here.
--
Darren
# 5
> If you generate a new key, you will have to update
> the "authorized_keys" file that has that key in it.
That would be for user keys. Host keys are not placed into authorized_keys files.
I probably wouldn't bother generating a new host key for a host rename unless something else was occurring.
--
Darren
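
An added example, not part of the thread: it illustrates reply #1 (the name in the .pub file is only a trailing comment, so editing it leaves the key's fingerprint unchanged) and reply #3 (removing the old name from a client's known_hosts). The key blob, the host names oldhost/newhost/otherhost and the address 192.0.2.10 are constructed sample values, and the function names are this example's own.

```python
import base64
import hashlib
import struct

def make_constructed_pubkey_line(comment):
    """Build a well-formed ssh-ed25519 public key line (constructed sample, not a real host key)."""
    key_bytes = hashlib.sha256(b"constructed sample key").digest()  # 32 filler bytes
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + key_bytes
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment

def parse_pubkey_line(line):
    """Split 'key-type base64-blob [comment]' into its three fields."""
    parts = line.strip().split(None, 2)
    return parts[0], parts[1], (parts[2] if len(parts) > 2 else "")

def fingerprint(line):
    """SHA256 fingerprint in the form current OpenSSH displays; only the blob is hashed."""
    _, b64_blob, _ = parse_pubkey_line(line)
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def set_comment(line, new_comment):
    """Replace the trailing comment and leave the key material untouched."""
    key_type, b64_blob, _ = parse_pubkey_line(line)
    return f"{key_type} {b64_blob} {new_comment}"

def prune_known_hosts(text, old_names):
    """Remove old names from plain known_hosts entries; drop entries left with no name."""
    kept = []
    for line in text.splitlines():
        # Comments, blanks, @markers and hashed (|1|...) entries are kept untouched;
        # hashed names cannot be matched by string, `ssh-keygen -R name` handles those.
        if not line.strip() or line[0] in "#@|" or " " not in line:
            kept.append(line)
            continue
        hosts, _, rest = line.partition(" ")
        remaining = [h for h in hosts.split(",") if h not in old_names]
        if remaining:
            kept.append(",".join(remaining) + " " + rest)
    return "\n".join(kept) + "\n"

if __name__ == "__main__":
    old_line = make_constructed_pubkey_line("root@oldhost")
    new_line = set_comment(old_line, "root@newhost")
    print(fingerprint(old_line))
    print(fingerprint(new_line))  # identical: the comment is not part of the key
    kt, blob, _ = parse_pubkey_line(old_line)
    print(prune_known_hosts(f"oldhost,192.0.2.10 {kt} {blob}\notherhost {kt} {blob}\n", {"oldhost"}))
```

On a real host, `ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub` prints the fingerprint to compare against what a client shows at the identity prompt.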