Move server's public/private keys to a new host

petesea at bigfoot.com
Tue Jan 23 14:22:03 EST 2007


Is it possible to move a server's public and private keys from one host to 
another?  Or perhaps a better way to ask what I really want... is it 
possible to configure a server on a new host to return the same public key 
it did on the old host?

I'm in the process of migrating our CVS server from a Solaris host to a 
Linux host (this weekend) and I just realized the hostkey is going to 
change.

I tried copying the old host's pub/priv keys to the new host, but when I 
start sshd on the new host (using -ddd) I get:

    debug3: Not a RSA1 key file /usr/local/etc/ssh/old_ssh_host_rsa_key
    debug1: PEM_read_PrivateKey failed
    debug1: read PEM private key done: type <unknown>
    Could not load host key: /usr/local/etc/ssh/old_ssh_host_rsa_key

The biggest problem is with all our Windows users.  Since they only use 
SSH (really plink) for CVS access, the CVS command fails if plink detects 
the hostkey has changed.  This is really because the cvs command will fail 
if it gets ANY response it doesn't understand.

Many (most) of our Windows users use various GUI CVS clients that often 
hide any output plink might display, but even if they DO happen to see any 
output, 99% wouldn't know what to do based on the error.

I'm trying to avoid a barrage of tech support calls the day after the 
server changes.
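
An added example, not part of the original message: one way to check, before a cutover, which container format a copied private host key file is in and whether the new host's public key line has the same fingerprint as the old host's, which is what clients such as plink compare. The sample key lines, their comments, and all function names are constructed for illustration.

```python
import base64, hashlib, struct

# First bytes of common private-key containers (format markers only).
MARKERS = [
    (b"SSH PRIVATE KEY FILE FORMAT 1.1\n", "ssh1-rsa1"),
    (b"-----BEGIN RSA PRIVATE KEY-----", "pem-rsa"),
    (b"-----BEGIN DSA PRIVATE KEY-----", "pem-dsa"),
    (b"-----BEGIN OPENSSH PRIVATE KEY-----", "openssh-v1"),
    (b"---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----", "ssh.com"),
]

def classify_private_key(data: bytes) -> str:
    """Name the container from its header; key material is never parsed."""
    for marker, name in MARKERS:
        if data.startswith(marker):
            if name.startswith("pem-") and b"-----END " not in data:
                return name + " (truncated)"
            return name
    return "unknown"

def fingerprints(pub_line: str):
    """(MD5 colon-hex, SHA256 base64) of an OpenSSH 'type base64 [comment]' line."""
    ktype, b64 = pub_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode() != ktype:
        raise ValueError("key type does not match the encoded blob")
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return ":".join(md5[i:i + 2] for i in range(0, 32, 2)), "SHA256:" + sha

def same_host_key(old_pub: str, new_pub: str) -> bool:
    """True when both lines carry the same key, whatever their comments say."""
    return fingerprints(old_pub) == fingerprints(new_pub)

def _sample_pub(n: int, comment: str) -> str:
    """Constructed ssh-rsa line (structurally valid, not a usable key)."""
    def field(b): return struct.pack(">I", len(b)) + b
    def mpint(v): return field(v.to_bytes(v.bit_length() // 8 + 1, "big"))
    blob = field(b"ssh-rsa") + mpint(65537) + mpint(n)
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode(), comment)

OLD = _sample_pub((1 << 1023) + 0x1234567, "root@old-solaris")   # constructed
COPIED = _sample_pub((1 << 1023) + 0x1234567, "root@new-linux")  # same key
REGENERATED = _sample_pub((1 << 1023) + 0x7654321, "root@new-linux")

if __name__ == "__main__":
    print(same_host_key(OLD, COPIED), same_host_key(OLD, REGENERATED))
    print(fingerprints(OLD))
```

Against real files, pass the bytes of the copied private key file to `classify_private_key` and the contents of each host's `.pub` file to `same_host_key`.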


More information about the openssh-unix-dev mailing list