Generating new ssh keys

Posted: 2016/01/28 14:29:22
by taylorkh
When I clone an OS image to a new, identical hardware PC I of course need to change the host name in a couple of places on the new machine. I suspect it is also good practice to generate new ssh keys for use by openssh server. I found an article here http://www.softec.lu/site/DevelopersCor ... rateNewSsh which outlines the process.

I can generate new dsa, ecdsa and rsa keys using the commands in the article. However, I also find an ed25519 key in /etc/ssh. It was dated the same as the other keys - the date I installed the original OS. Employing my usual monkey see monkey copy/paste/tweak approach I tried the command

Code:

ssh-keygen -f /etc/ssh/ssh_host_ed25519_key -N '' -t ed25519

That seems to have worked. It generated keypair files, a fingerprint and a randomart image. The -N and -t parameters seem to be correct according to the man page.

Can anyone confirm that I have supplied all of the necessary inputs to create a valid ed25519 key? Or a way I can test the key for validity?

TIA,

Ken

Re: Generating new ssh keys

Posted: 2016/01/28 17:06:17
by TrevorH
I'm pretty sure that if you just remove the /etc/ssh/sshd_host* files then it will automatically regenerate them on the next start.

Re: Generating new ssh keys

Posted: 2016/01/28 17:19:24
by taylorkh
Thanks TrevorH,

I just tried that on a virtual machine. The ecdsa, ed25519 and rsa keys came back. The dsa key did not. Perhaps it is not needed or obsoleted. I will try this approach and if anything ever barfs I will try to remember to manually create a new rsa key.

Please mark this thread as solved!

Thanks again,

Ken
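
Added example, not part of the original thread: one way to answer the first post's question about testing a host key for validity is to re-derive the public key from the private key file with ssh-keygen -y and compare it with the stored .pub file. The function name check_host_key is hypothetical, and the script assumes the key has an empty passphrase, as host keys do.

```shell
#!/bin/sh
# check_host_key PRIVATE_KEY_FILE   (hypothetical helper, added example)
# Returns 0 when the private key parses and the public key derived from it
# matches PRIVATE_KEY_FILE.pub; returns non-zero otherwise.
check_host_key() {
    key=$1
    pub="$key.pub"
    [ -r "$key" ] && [ -r "$pub" ] || {
        echo "missing or unreadable: $key / $pub" >&2
        return 2
    }

    # -y reads a private key and prints the matching public key.
    # -P '' supplies the empty passphrase so a damaged or encrypted
    # key makes the command fail instead of prompting.
    derived=$(ssh-keygen -y -P '' -f "$key" 2>/dev/null </dev/null) || {
        echo "cannot load private key $key" >&2
        return 1
    }

    # Compare key type and base64 blob only; the trailing comment may differ.
    want=$(printf '%s\n' "$derived" | awk 'NR==1 {print $1, $2}')
    have=$(awk 'NR==1 {print $1, $2}' "$pub")
    [ "$want" = "$have" ] || {
        echo "$pub does not belong to $key" >&2
        return 1
    }

    # Print the fingerprint so it can be compared with what clients report.
    ssh-keygen -l -f "$pub"
}

# Run against a key when a path is given, for example:
#   sh check_host_key.sh /etc/ssh/ssh_host_ed25519_key
# As root, "sshd -t" additionally checks the configuration file and
# the sanity of the host keys without starting the daemon.
if [ "$#" -gt 0 ]; then
    check_host_key "$1"
fi
```

After regenerating host keys on a cloned machine, clients that connected to the original image will see a changed fingerprint, so the printed value is the one to hand to users for comparison.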