Move server's public/private keys to a new host
petesea at bigfoot.com
Tue Jan 23 14:22:03 EST 2007

Is it possible to move a server's public and private keys from one host to
another? Or perhaps a better way to ask what I really want... is it
possible to configure a server on a new host to return the same public key
it did on the old host?

I'm in the process of migrating our CVS server from a Solaris host to a
Linux host (this weekend) and I just realized the hostkey is going to
change.

I tried copying the old host's pub/priv keys to the new host, but when I
start sshd on the new host (using -ddd) I get:

    debug3: Not a RSA1 key file /usr/local/etc/ssh/old_ssh_host_rsa_key
    debug1: PEM_read_PrivateKey failed
    debug1: read PEM private key done: type <unknown>
    Could not load host key: /usr/local/etc/ssh/old_ssh_host_rsa_key

The biggest problem is with all our Windows users. Since they only use
SSH (really plink) for CVS access, the CVS command fails if plink detects
the hostkey has changed. This is really because the cvs command will fail
if it gets ANY response it doesn't understand.

Many (most) of our Windows users use various GUI CVS clients that often
hide any output plink might display, but even if they DO happen to see any
output, 99% wouldn't know what to do based on the error.

I'm trying to avoid a barrage of tech support calls the day after the
server changes.