On Wed, 2012-01-04 at 20:31 +0100, Thomas Göttgens wrote:
Hi James,
Depending on your use case:
If your source is a template VM: just delete the keys prior to cloning in the source VM.
If your source is a production VM: just delete the keys after cloning on the newly cloned VM.
The keys will be regenerated on next startup of openssh if they're missing.
On Wednesday, 4 January 2012 at 20:08, you wrote:
Respecting cloning vm guests, I see in /etc/ssh the following:
ssh_host_dsa_key ssh_host_dsa_key.pub ssh_host_key ssh_host_key.pub ssh_host_rsa_key ssh_host_rsa_key.pub
Is there a simple script somewhere to regenerate all the server host keys for the new guest after cloning?
Is there a process for pre-generating keys so these keys and .ssh/known_hosts can be pre-filled for all users/hosts?
I dislike upgrading servers. I use kickstart from updated sources with integrated configuration files on a new virtual disk to produce an upgraded server without touching the live server. This gives me the chance to test the new server prior to making it live and verifies I can reproduce a failed server at need. Also, this allows me to restage firewalls automatically on a schedule. Let's see a rootkit survive a clean install.
Currently, I'm allowing the keys to be regenerated, but it gets annoying editing my known hosts to remove old entries.
There's got to be a better way.
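
One way to do the pre-generation asked about in this thread, as an added example that is not part of any message above: host keys are created once in a staging directory that the kickstart build copies to the guest's /etc/ssh, and the matching known_hosts lines are produced from the same public keys. The function names, staging directory and host names are hypothetical, and the key types (rsa, ed25519) are chosen for a current OpenSSH rather than taken from the file list in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes OpenSSH's ssh-keygen is installed.

# pregen_host_keys DIR HOSTNAMES
#   DIR        staging directory later copied to the guest's /etc/ssh
#   HOSTNAMES  comma-separated names/addresses clients use for the guest
# Creates ssh_host_<type>_key{,.pub} in DIR if missing and prints one
# known_hosts line per key on stdout.
pregen_host_keys() {
    dir=$1 names=$2
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    for type in rsa ed25519; do
        key="$dir/ssh_host_${type}_key"
        # Reuse an existing key so a rebuilt guest keeps its identity and
        # clients' known_hosts entries stay valid.
        if [ ! -f "$key" ]; then
            ssh-keygen -q -t "$type" -N '' -C "$names" -f "$key" || return 1
        fi
        # A .pub file is "<keytype> <base64> <comment>";
        # a known_hosts line is "<names> <keytype> <base64>".
        awk -v n="$names" '{ print n, $1, $2 }' "$key.pub"
    done
}

# refresh_known_hosts FILE DIR HOSTNAMES
# Drops any old entries for each name from FILE, then appends the lines
# for the keys staged in DIR.
refresh_known_hosts() {
    file=$1 dir=$2 names=$3
    touch "$file" || return 1
    old_ifs=$IFS; IFS=,
    for n in $names; do
        # A name with no old entry is not an error here.
        ssh-keygen -q -R "$n" -f "$file" >/dev/null 2>&1 || :
    done
    IFS=$old_ifs
    pregen_host_keys "$dir" "$names" >> "$file"
}
```

The staging directory holds private host keys, so it needs the same protection as /etc/ssh on the guest itself.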