HPE Community
Operating System - HP-UX
1824908 Members
3897 Online
109677 Solutions
New Discussion юеВ

SSH keys and new ip address

 
Gord Moore
Frequent Advisor

тАО09-26-2004 04:20 PM

тАО09-26-2004 04:20 PM

SSH keys and new ip address

I am confused about ssh and the keys, but I think that key authorization is my current problem. Maybe you can confirm this for me.

I am running HP-UX 11i and the ssh is version OpenSSH_3.6.1p2, SSH protocols 1.5/2.0 on both nodes.

I moved a node in our network and gave it a new ip address. I can ssh to other nodes properly using passwords (so the network is fine), but it seems that there is an application that uses key-less login on a remote node. Do I have to re-generate private/public keys for the node with the new ip? Can I just append the keys to the remote nodes ~/.ssh2/authorization for each and every user on the remote (or do I mean local) node, and do I have to remove the old authorization first?

I am browsing through Chris Vail's document, and even the many pages from newfdog, but I don't see an exact answer to my situation.

Thanks for your help.
0 Kudos
Reply
5 REPLIES 5
Gord Moore
Frequent Advisor

тАО09-26-2004 04:34 PM

тАО09-26-2004 04:34 PM

Re: SSH keys and new ip address

Sorry, the "authorization" in my question should be "authorized_keys", but then maybe I mean "host_keys". Time to take a break, me thinks.
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

тАО09-26-2004 05:31 PM

тАО09-26-2004 05:31 PM

Re: SSH keys and new ip address

Hi Gord,

It depends on which node you changed the IP. Say systemA does non-interactive ssh sessions to systemB.

If you change the IP address of systemB, then you don't need to do anything as systemA's public key will remain unchanged on systemB.

However, if you change the IP address of systemA, then you will need to generate the public/private key again on systemA and modify authorized_keys file on systemB with the new key. You don't need to touch the existing entry (you can delete it) as this will be treated as a new system. It's almost like a new system.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
Scott Palmer_1
Trusted Contributor

тАО09-28-2004 01:25 AM

тАО09-28-2004 01:25 AM

Re: SSH keys and new ip address

The answer is no. If you move the IP address, as long as you dont change the private key, you are ok. The public key is verified against the private key. I took an ignite of a system that was already using the keys for password less login. On the new system, I noticed that the keys were already set up. Now if you change the name of the system, I believe that you have to regen the keys.

Hope this helps

Scott Palmer
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО09-28-2004 01:53 AM

тАО09-28-2004 01:53 AM

Re: SSH keys and new ip address

Usually when you change ip addresses you need to edit the $HOME/.ssh/known_hosts file and take out entries on all nodes to the old and new ip addresss.

Otherwise you'll get bounce warnings that will warn you of security problems.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Sanjay_6
Honored Contributor

тАО09-28-2004 02:45 AM

тАО09-28-2004 02:45 AM

Re: SSH keys and new ip address

Hi,

I think you'll have to regerate the keys to allow ssh without password.

Try this link on how to create the ssh keys when you are using ssh1/ssh2/openssh.

http://bumblebee.lcs.mit.edu/ssh2/

hope this helps.

Regds
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.