Security

Re: Restoring SSH's RSA key fingerprint after a re-install

 
BSSG
Frequent Advisor

Restoring SSH's RSA key fingerprint after a re-install

Is there anybody reading this forum who has come up with a good procedure for restoring SSH's RSA key fingerprints of a server following a reinstall? I tried restoring the /opt/ssh/etc/ssh_host?* files backed up prior to the reload, but I still got the authenticity warning when I tried to connect to the server.

Thank you.
5 REPLIES 5
Steven E. Protter
Exalted Contributor

Re: Restoring SSH's RSA key fingerprint after a re-install

Hello BSSG,

The only possible way I know to avoid this situation is to make and restore a make_tape_recovery ignite backup. I'm not sure this will work but it might.

After the restore from other means this file needs to be rebuilt with new footprints.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Denver Osborn
Honored Contributor

Re: Restoring SSH's RSA key fingerprint after a re-install

Following the restore of ssh_host* files, was sshd restarted?

-denver
Denver Osborn
Honored Contributor

Re: Restoring SSH's RSA key fingerprint after a re-install

sorry... my first answer wasn't all that great. I'm not convinced that you'd have to restart sshd to resolve the problem :)

on second thought, your post said you restored the "/opt/ssh/etc/ssh_host*" files. Doesn't HP's build of openssh store those in /etc/opt/ssh/? I'd check your sshd to make sure that the ssh_host* files were restored to the path your sshd config is using...

-denver
BSSG
Frequent Advisor

Re: Restoring SSH's RSA key fingerprint after a re-install

>> on second thought, your post said you restored the "/opt/ssh/etc/ssh_host*" files. Doesn't HP's build of openssh store those in /etc/opt/ssh/? I'd check your sshd to make sure that the ssh_host* files were restored to the path your sshd config is using... <<

The /etc/opt/ssh/ is a symbolic link to /opt/ssh/etc.

>> Following the restore of ssh_host* files, was sshd restarted? <<

Probably not; I probably thought it would be a dynamic lookup. I'll have to test that out. Thanks.
BSSG
Frequent Advisor

Re: Restoring SSH's RSA key fingerprint after a re-install

After restoring the files then restarting sshd, it seemed to work normally without generating an error. Thanks.