On Wed, 2012-01-04 at 20:31 +0100, Thomas Göttgens wrote:
> Hi James,
>
> depending on your use case:
>
> if your source is a template VM: just delete the keys prior to cloning
> in the source VM
>
> if your source is a production VM: just delete the keys after cloning
> on the newly cloned VM
>
> The keys will be regenerated on next startup of openssh if they're
> missing.
>
> On Wednesday, 4 January 2012 at 20:08, you wrote:
>
> > Respecting cloning vm guests, I see in /etc/ssh the
> > following:
>
> > ssh_host_dsa_key
> > ssh_host_dsa_key.pub
> > ssh_host_key
> > ssh_host_key.pub
> > ssh_host_rsa_key
> > ssh_host_rsa_key.pub
>
> > Is there a simple script somewhere to regenerate all the
> > server host keys for the new guest after cloning?
>

Is there a process for pre-generating keys so these keys and
.ssh/known_hosts can be pre-filled for all users/hosts?

I dislike upgrading servers. I use kickstart from updated sources with
integrated configuration files on a new virtual disk to produce an
upgraded server without touching the live server. This gives me the
chance to test the new server prior to making it live and verifies I can
reproduce a failed server at need. Also, this allows me to restage
firewalls automatically on a schedule. Let's see a rootkit survive a
clean install.

Currently, I'm allowing the keys to be regenerated, but it gets annoying
editing my known hosts to remove old entries. There's got to be a better
way.
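One way to pre-generate host keys and pre-fill known_hosts, as asked above. This is an added example, not code from the thread. The function names and the per-host staging directory are assumptions, and the key types are whatever the installed `ssh-keygen` supports.

```shell
#!/bin/sh
# Added example. Staging layout ($stage/<host>/) and function names are assumptions.

# Generate one host key pair per requested type for a guest that does not
# exist yet. The install (e.g. kickstart %post) copies them into /etc/ssh.
pregen_host_keys() {
    host=$1; stage=$2; shift 2
    mkdir -p "$stage/$host" && chmod 700 "$stage/$host" || return 1
    for type in "$@"; do
        key="$stage/$host/ssh_host_${type}_key"
        [ -f "$key" ] && continue      # keep a key that is already staged
        ssh-keygen -q -t "$type" -N '' -C "root@$host" -f "$key" || return 1
    done
}

# Print "names keytype base64" for every staged public key. names is the
# comma-separated list clients use for the host (short name, FQDN, IP).
known_hosts_lines() {
    names=$1; dir=$2
    for pub in "$dir"/ssh_host_*_key.pub; do
        [ -f "$pub" ] || continue
        awk -v n="$names" 'NF >= 2 { print n, $1, $2 }' "$pub"   # drop comment
    done
}

# Drop plain-text entries that list any of the names, then append the staged
# keys. Comments, @marker lines and hashed (|1|...) entries are kept as-is.
refresh_known_hosts() {
    names=$1; dir=$2; kh=$3
    tmp=$(mktemp) || return 1
    if [ -f "$kh" ]; then
        awk -v n="$names" '
            BEGIN { split(n, want, ",") }
            /^[ \t]*#/ || /^[ \t]*$/ || $1 ~ /^@/ { print; next }
            {
                drop = 0
                split($1, have, ",")
                for (i in have) for (j in want) if (have[i] == want[j]) drop = 1
                if (!drop) print
            }' "$kh" > "$tmp" || return 1
    fi
    known_hosts_lines "$names" "$dir" >> "$tmp"
    cat "$tmp" > "$kh" && rm -f "$tmp"
}
```

Run `pregen_host_keys` once per planned guest, then point `refresh_known_hosts` at the system-wide `/etc/ssh/ssh_known_hosts` in the configuration files the installs ship, so every user on every host trusts the new keys before the guest first boots. The staging directory holds private host keys and should be readable only by the account that builds the images.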