-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, On 02/25/2015 12:56 AM, cagsm wrote:

Needing to replace some older 11.something opensuse box, need new hw as well, so I am looking into fresh install of 13.2 but should I copy over the old ssh key files from the sshd to the new box on the new disk structure or better restart with sshd privatekeys from scratch?

The migration of the keys is entirely your decision. If you choose not to copy them, anyone who previously was able to login remotely, will receive a warning that someone can be doing something nasty and will need to update his known hosts file.

Is there any interesting human-readable output that I can parse and interpret and analyse the private sshd keyfiles so that I know their technical details, encryption, strenght and all?

I am not a crypto expert at all.

I think I currently have the following on the old machine:

-rw-r--r-- 1 root root 334 May 2010 ssh_host_key.pub -rw------- 1 root root 530 May 2010 ssh_host_key -rw-r--r-- 1 root root 605 May 2010 ssh_host_dsa_key.pub -rw------- 1 root root 668 May 2010 ssh_host_dsa_key -rw-r--r-- 1 root root 225 May 2010 ssh_host_rsa_key.pub -rw------- 1 root root 883 May 2010 ssh_host_rsa_key

Any openssl or related command-line tools or instruction to look for interesting details of these files?

The information for each of the keys can be seen with: ssh-keygen -l -f e.g. ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key Best Regards, I. Petrov -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBAgAGBQJU7QqPAAoJEH8sJoKRFRU5McQP/3PK4zyDy9h46BlH8feglsYe ZSx55pJYpGAbOZ4Nl+w7ad3rU5jEHrf4/UN42qY0ebq6c8ouhbBkV2X3/SIVFvyi 3HvEKin8uhQujqLcGIopbBu9KWgam3HA5ZVfA9HNT1zo3ET1dQnJYyRokLc1KraD rEuWDGnu/xAgkW/7oRRFE7kgphSW+jlMCKSVZUIiUXcyLUn8na2FBQv66IJR8NfK Cjq+F3pS4tvqj1Rtg+wWGFmIzDMcJa2YNT2eCl4x6yXBi7JamWUq4O6Yn7g4BzSi ypyE5rlue2Yjwe8sS3jc6D6moCIa8FTJDqn72utRZ0Smo3pawMQYokk7ujAWqN/P 4l+bFCQWR65VQRmjxarpwrhf25t0aS0DlRvic+cfhwG6CXQ2jBrUCAl1yMs88Yok 4OHgZKBauJN0cwMN49waI7qxcBiQFVm7e8zi/3NQlXEK0RqvuzSrnt1MAob47Yr+ JudbcnaH5ro5wNseSUG0XUwkoO2n6P64g7EuBjE9vSY6UKlFr/fbnSeqgBpn/plR d8KhXvCk7kjXmNioahi5ZUxmSV57ZIkDtNBJPM+zJeFawJn7nmYJnE7hd6lgwJCl K0VJe22CE7PdHiXuCWfm+GURdDG6pmK5TM3ScD0CrLfFv7Q2o6q7H1wJ6X042akJ xLD9XnUPi1oYH26R5vg4 =srJO -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org

On 02/24/2015 02:56 PM, cagsm wrote:

Needing to replace some older 11.something opensuse box, need new hw as well, so I am looking into fresh install of 13.2 but should I copy over the old ssh key files from the sshd to the new box on the new disk structure or better restart with sshd privatekeys from scratch?

Is there any interesting human-readable output that I can parse and interpret and analyse the private sshd keyfiles so that I know their technical details, encryption, strenght and all?

I am not a crypto expert at all.

I think I currently have the following on the old machine:

-rw-r--r-- 1 root root 334 May 2010 ssh_host_key.pub -rw------- 1 root root 530 May 2010 ssh_host_key -rw-r--r-- 1 root root 605 May 2010 ssh_host_dsa_key.pub -rw------- 1 root root 668 May 2010 ssh_host_dsa_key -rw-r--r-- 1 root root 225 May 2010 ssh_host_rsa_key.pub -rw------- 1 root root 883 May 2010 ssh_host_rsa_key

Any openssl or related command-line tools or instruction to look for interesting details of these files?

Thank you.

Wasn't there an SSH security issue since those keys were generated? If you don't have a large number of users, it might be wise to generate new server keys anyway, and make them longer. 2048 is considered too short these days. -- After all is said and done, more is said than done. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org