Date: Mon, 5 Feb 2007 21:29:27 -0600 From: Brooks Davis <brooks@freebsd.org> To: Arone Silimantia <aronesimi@yahoo.com> Cc: freebsd-security@freebsd.org Subject: Re: post-reload SSH server key transfer ... comments ? Message-ID: <20070206032927.GB55215@lor.one-eyed-alien.net> In-Reply-To: <14020.63738.qm@web58603.mail.re3.yahoo.com> References: <14020.63738.qm@web58603.mail.re3.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--bCsyhTFzCvuiizWE Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Feb 05, 2007 at 05:51:38PM -0800, Arone Silimantia wrote: >=20 > I am going to be replacing system X with system Y (which is much > faster, newer). > > I will load up the new system from scratch, and then just copy over > the user data from the old system. Then I will turn off the old > system for good, and set the IP and hostname of the new system to > match the old one. > > Easy. Except everyones ssh connections will complain loudly about > potential MITM attacks, etc. ... > > So, am I correct that I can just tar up /etc/ssh on the old system and > use it to overwrite /etc/ssh on the new system, and that's that ? No > warning message or other problems ? Yes. Actually, the files you need are "/etc/ssh/*_key /etc/ssh/*_key.pub". The others may contain settings you want to move, but don't effect the machine's ssh identity. > ALSO, am I correct that if I copy over their home directories that > contain their ~/.ssh/authorized_keys that those will continue to work > just fine even though they are on a new server ? Yes, they contain no knowledge of the server they are on. -- Brooks --bCsyhTFzCvuiizWE Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (FreeBSD) iD8DBQFFx/YXXY6L6fI4GtQRApq2AJ4msQbrAm4oO7US3lJ67qESn1J6XACg1rQm ts5atpXP0ZvPPXIf9R/01HM= =eI2s -----END PGP SIGNATURE----- --bCsyhTFzCvuiizWE--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070206032927.GB55215>