[opensuse] Migrating older opensuse box: Keeping old ssh private keys of sshd good idea or better recreate sshd keys?
Needing to replace some older 11.something opensuse box, need new hw as well, so I am looking into fresh install of 13.2 but should I copy over the old ssh key files from the sshd to the new box on the new disk structure or better restart with sshd private keys from scratch?

Is there any interesting human-readable output that I can parse and interpret and analyse the private sshd keyfiles so that I know their technical details, encryption, strength and all? I am not a crypto expert at all.

I think I currently have the following on the old machine:

-rw-r--r-- 1 root root 334 May 2010 ssh_host_key.pub
-rw------- 1 root root 530 May 2010 ssh_host_key
-rw-r--r-- 1 root root 605 May 2010 ssh_host_dsa_key.pub
-rw------- 1 root root 668 May 2010 ssh_host_dsa_key
-rw-r--r-- 1 root root 225 May 2010 ssh_host_rsa_key.pub
-rw------- 1 root root 883 May 2010 ssh_host_rsa_key

Any openssl or related command-line tools or instruction to look for interesting details of these files?

Thank you.

--
To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org
To contact the owner, e-mail: opensuse+owner@opensuse.org
On Tuesday 24 February 2015 23:56:07, cagsm wrote:
> Needing to replace some older 11.something opensuse box, need new hw as well, so I am looking into fresh install of 13.2 but should I copy over the old ssh key files from the sshd to the new box on the new disk structure or better restart with sshd private keys from scratch?
>
> Is there any interesting human-readable output that I can parse and interpret and analyse the private sshd keyfiles so that I know their technical details, encryption, strength and all?
> I am not a crypto expert at all.
>
> I think I currently have the following on the old machine:
>
> -rw-r--r-- 1 root root 334 May 2010 ssh_host_key.pub
> -rw------- 1 root root 530 May 2010 ssh_host_key
> -rw-r--r-- 1 root root 605 May 2010 ssh_host_dsa_key.pub
> -rw------- 1 root root 668 May 2010 ssh_host_dsa_key
> -rw-r--r-- 1 root root 225 May 2010 ssh_host_rsa_key.pub
> -rw------- 1 root root 883 May 2010 ssh_host_rsa_key
>
> Any openssl or related command-line tools or instruction to look for interesting details of these files?
>
> Thank you.
openSUSE 13.2 has:

-rw------- 1 root root 668 5 jun 2012 ssh_host_dsa_key
-rw-r--r-- 1 root root 601 5 jun 2012 ssh_host_dsa_key.pub
-rw------- 1 root root 227 17 nov 2011 ssh_host_ecdsa_key
-rw-r--r-- 1 root root 173 17 nov 2011 ssh_host_ecdsa_key.pub
-rw------- 1 root root 399 31 mei 2014 ssh_host_ed25519_key
-rw-r--r-- 1 root root 92 31 mei 2014 ssh_host_ed25519_key.pub
-rw------- 1 root root 980 17 nov 2011 ssh_host_key
-rw-r--r-- 1 root root 645 17 nov 2011 ssh_host_key.pub
-rw------- 1 root root 1679 17 nov 2011 ssh_host_rsa_key
-rw-r--r-- 1 root root 397 17 nov 2011 ssh_host_rsa_key.pub

--
fr.gr.

member openSUSE
Freek de Kruijf
Hello,

On 02/25/2015 12:56 AM, cagsm wrote:
> Needing to replace some older 11.something opensuse box, need new hw as well, so I am looking into fresh install of 13.2 but should I copy over the old ssh key files from the sshd to the new box on the new disk structure or better restart with sshd private keys from scratch?
The migration of the keys is entirely your decision. If you choose not to copy them, anyone who previously was able to login remotely, will receive a warning that someone can be doing something nasty and will need to update his known hosts file.
> Is there any interesting human-readable output that I can parse and interpret and analyse the private sshd keyfiles so that I know their technical details, encryption, strength and all?
> I am not a crypto expert at all.
>
> I think I currently have the following on the old machine:
>
> -rw-r--r-- 1 root root 334 May 2010 ssh_host_key.pub
> -rw------- 1 root root 530 May 2010 ssh_host_key
> -rw-r--r-- 1 root root 605 May 2010 ssh_host_dsa_key.pub
> -rw------- 1 root root 668 May 2010 ssh_host_dsa_key
> -rw-r--r-- 1 root root 225 May 2010 ssh_host_rsa_key.pub
> -rw------- 1 root root 883 May 2010 ssh_host_rsa_key
>
> Any openssl or related command-line tools or instruction to look for interesting details of these files?
The information for each of the keys can be seen with:
ssh-keygen -l -f
On Wed, Feb 25, 2015 at 12:34 AM, I.Petrov
> The information for each of the keys can be seen with:
> ssh-keygen -l -f
ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
They all show 1024 prefix, so at least for RSA as I understand there should be higher values these days. I better migrate to completely fresh ssh host keys I guess.

Thank you a lot.

C.
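Added example, not part of the original thread or of any poster's message: a POSIX shell helper that reads the `ssh-keygen -l` line for each host key and marks which keys to regenerate on the new box rather than copy over. The `MIN_RSA_BITS` threshold, the function names and the sample lines are assumptions made for this example.

```shell
#!/bin/sh
# Added example: decide per host key whether to carry it over or regenerate it,
# based on `ssh-keygen -l` output: "<bits> <fingerprint> <comment...> (<TYPE>)".
# MIN_RSA_BITS is an assumed local policy value, not a figure from the thread.
MIN_RSA_BITS="${MIN_RSA_BITS:-2048}"

# classify_key_line LINE  ->  prints "<verdict> <type> <bits>"
classify_key_line() {
    line=$1
    bits=${line%% *}                  # first field: key size in bits
    ktype=${line##* }                 # last field: "(RSA)", "(DSA)", ...
    ktype=${ktype#"("}; ktype=${ktype%")"}
    case $bits in
        ''|*[!0-9]*) echo "unparsed - -"; return 1 ;;
    esac
    case $ktype in
        RSA1|DSA) verdict=replace ;;  # protocol-1 key; DSA is fixed at 1024 bits in OpenSSH
        RSA) if [ "$bits" -lt "$MIN_RSA_BITS" ]; then verdict=replace; else verdict=keep; fi ;;
        ECDSA|ED25519) verdict=keep ;;
        *) verdict=unknown ;;
    esac
    echo "$verdict $ktype $bits"
}

# audit_host_keys [DIR]: classify every public host key found in DIR.
# Key files this ssh-keygen cannot read (e.g. protocol-1 keys on newer
# OpenSSH) are reported as "unparsed".
audit_host_keys() {
    dir=${1:-/etc/ssh}
    for pub in "$dir"/ssh_host_*key.pub; do
        [ -f "$pub" ] || continue
        if out=$(ssh-keygen -l -f "$pub" 2>/dev/null); then
            echo "$(classify_key_line "$out") $pub"
        else
            echo "unparsed - - $pub"
        fi
    done
}

# Constructed sample lines (fingerprints are placeholders, not real keys).
sample_lines() {
    cat <<'EOF'
1024 SHA256:CONSTRUCTED-rsa1024 root@oldbox (RSA)
1024 SHA256:CONSTRUCTED-dsa1024 root@oldbox (DSA)
2048 SHA256:CONSTRUCTED-rsa2048 root@newbox (RSA)
256 SHA256:CONSTRUCTED-ed25519 root@newbox (ED25519)
EOF
}
sample_lines | while IFS= read -r l; do classify_key_line "$l"; done
```

On a real system, `audit_host_keys /etc/ssh` prints one verdict per public host key file; set `MIN_RSA_BITS` in the environment to apply a stricter RSA minimum.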
On 02/24/2015 02:56 PM, cagsm wrote:
> Needing to replace some older 11.something opensuse box, need new hw as well, so I am looking into fresh install of 13.2 but should I copy over the old ssh key files from the sshd to the new box on the new disk structure or better restart with sshd private keys from scratch?
>
> Is there any interesting human-readable output that I can parse and interpret and analyse the private sshd keyfiles so that I know their technical details, encryption, strength and all?
> I am not a crypto expert at all.
>
> I think I currently have the following on the old machine:
>
> -rw-r--r-- 1 root root 334 May 2010 ssh_host_key.pub
> -rw------- 1 root root 530 May 2010 ssh_host_key
> -rw-r--r-- 1 root root 605 May 2010 ssh_host_dsa_key.pub
> -rw------- 1 root root 668 May 2010 ssh_host_dsa_key
> -rw-r--r-- 1 root root 225 May 2010 ssh_host_rsa_key.pub
> -rw------- 1 root root 883 May 2010 ssh_host_rsa_key
>
> Any openssl or related command-line tools or instruction to look for interesting details of these files?
>
> Thank you.
Wasn't there an SSH security issue since those keys were generated? If you don't have a large number of users, it might be wise to generate new server keys anyway, and make them longer. 2048 is considered too short these days.

--
After all is said and done, more is said than done.
participants (4)
- cagsm
- Freek de Kruijf
- I.Petrov
- John Andersen