Discussion:
Moving the SSH key from one machine to another
(too old to reply)
Jeremy Begg
2008-07-21 04:39:13 UTC
Permalink
Hi,

We are moving from;
MultiNet V5.1 Rev A-X, COMPAQ AlphaServer DS20E 666 MHz, OpenVMS AXP V8.3

to:
MultiNet V5.2 Rev A-X, HP rx2660 (1.59GHz/9.0MB), OpenVMS I64 V8.3-1H1

The Integrity server will get the hostname and IP address presently in use
by the AlphaServer.

We'd like to make the transition for users as seemless as possible. A
number of users rely on SSH a fair bit. Can we copy the SSH key files
HOSTKEY. and HOSTKEY.PUB from one server to the other, so that users don't
get an error from their SSH clients when they first log in to the Integrity
server? (The error we would expect them to see is something like "remote
host key has changed, do you want to continue?")

Thanks,

Jeremy Begg

+---------------------------------------------------------+
| VSM Software Services Pty. Ltd. |
| http://www.vsm.com.au/ |
| "OpenVMS Systems Management & Programming" |
|---------------------------------------------------------|
| P.O.Box 402, Walkerville, | E-Mail: ***@vsm.com.au |
| South Australia 5081 | Phone: +61 8 8221 5188 |
|---------------------------| Mobile: 0414 422 947 |
| A.C.N. 068 409 156 | FAX: +61 8 8221 7199 |
+---------------------------------------------------------+
Ken Connelly
2008-07-21 11:37:30 UTC
Permalink
Jeremy -

I would not expect this to be a problem. I've done similar things in
that several of the Alpha nodes in my cluster that are usually addressed
by a single common name (via DNS round-robin) each have keys that were
copied from one of the group.

-ken
Post by Jeremy Begg
Hi,
We are moving from;
MultiNet V5.1 Rev A-X, COMPAQ AlphaServer DS20E 666 MHz, OpenVMS AXP V8.3
MultiNet V5.2 Rev A-X, HP rx2660 (1.59GHz/9.0MB), OpenVMS I64 V8.3-1H1
The Integrity server will get the hostname and IP address presently in use
by the AlphaServer.
We'd like to make the transition for users as seemless as possible. A
number of users rely on SSH a fair bit. Can we copy the SSH key files
HOSTKEY. and HOSTKEY.PUB from one server to the other, so that users don't
get an error from their SSH clients when they first log in to the Integrity
server? (The error we would expect them to see is something like "remote
host key has changed, do you want to continue?")
Thanks,
Jeremy Begg
+---------------------------------------------------------+
| VSM Software Services Pty. Ltd. |
| http://www.vsm.com.au/ |
| "OpenVMS Systems Management & Programming" |
|---------------------------------------------------------|
| South Australia 5081 | Phone: +61 8 8221 5188 |
|---------------------------| Mobile: 0414 422 947 |
| A.C.N. 068 409 156 | FAX: +61 8 8221 7199 |
+---------------------------------------------------------+
--
- Ken
=================================================================
Ken Connelly Associate Director, Security and Systems
ITS Network Services University of Northern Iowa
email: ***@uni.edu p: (319) 273-5850 f: (319) 273-7373
Jim
2008-07-21 12:31:38 UTC
Permalink
Post by Jeremy Begg
We are moving from;
MultiNet V5.1 Rev A-X, COMPAQ AlphaServer DS20E 666 MHz, OpenVMS AXP V8.3
MultiNet V5.2 Rev A-X, HP rx2660  (1.59GHz/9.0MB), OpenVMS I64 V8.3-1H1
The Integrity server will get the hostname and IP address presently in use
by the AlphaServer.
We'd like to make the transition for users as seemless as possible.  A
number of users rely on SSH a fair bit.  Can we copy the SSH key files
HOSTKEY. and HOSTKEY.PUB from one server to the other, so that users don't
get an error from their SSH clients when they first log in to the Integrity
server?  (The error we would expect them to see is something like "remote
host key has changed, do you want to continue?")
Yes, doing as you suggest will avoid users having to deal with SSH's
changed-key challenge.
Dan O'Reilly
2008-07-21 12:27:33 UTC
Permalink
Yes, you can. Just make sure the protection and ownership of the files is
correct after the copy.
Post by Jeremy Begg
Hi,
We are moving from;
MultiNet V5.1 Rev A-X, COMPAQ AlphaServer DS20E 666 MHz, OpenVMS AXP V8.3
MultiNet V5.2 Rev A-X, HP rx2660 (1.59GHz/9.0MB), OpenVMS I64 V8.3-1H1
The Integrity server will get the hostname and IP address presently in use
by the AlphaServer.
We'd like to make the transition for users as seemless as possible. A
number of users rely on SSH a fair bit. Can we copy the SSH key files
HOSTKEY. and HOSTKEY.PUB from one server to the other, so that users don't
get an error from their SSH clients when they first log in to the Integrity
server? (The error we would expect them to see is something like "remote
host key has changed, do you want to continue?")
Thanks,
Jeremy Begg
+---------------------------------------------------------+
| VSM Software Services Pty. Ltd. |
| http://www.vsm.com.au/ |
| "OpenVMS Systems Management & Programming" |
|---------------------------------------------------------|
| South Australia 5081 | Phone: +61 8 8221 5188 |
|---------------------------| Mobile: 0414 422 947 |
| A.C.N. 068 409 156 | FAX: +61 8 8221 7199 |
+---------------------------------------------------------+
------
+-------------------------------+----------------------------------------+
| Dan O'Reilly | "There are 10 types of people in this |
| Principal Engineer | world: those who understand binary |
| Process Software | and those who don't." |
| http://www.process.com | |
+-------------------------------+----------------------------------------+
Jeremy Begg
2008-07-22 06:27:18 UTC
Permalink
Hi,
Post by Dan O'Reilly
Yes, you can. Just make sure the protection and ownership of the files is
correct after the copy.
Excellent!

Thanks to all who responded.

Regards,

Jeremy Begg
Post by Dan O'Reilly
Post by Jeremy Begg
Hi,
We are moving from;
MultiNet V5.1 Rev A-X, COMPAQ AlphaServer DS20E 666 MHz, OpenVMS AXP V8.3
MultiNet V5.2 Rev A-X, HP rx2660 (1.59GHz/9.0MB), OpenVMS I64 V8.3-1H1
The Integrity server will get the hostname and IP address presently in use
by the AlphaServer.
We'd like to make the transition for users as seemless as possible. A
number of users rely on SSH a fair bit. Can we copy the SSH key files
HOSTKEY. and HOSTKEY.PUB from one server to the other, so that users don't
get an error from their SSH clients when they first log in to the Integrity
server? (The error we would expect them to see is something like "remote
host key has changed, do you want to continue?")
Thanks,
Jeremy Begg
+---------------------------------------------------------+
| VSM Software Services Pty. Ltd. |
| http://www.vsm.com.au/ |
| "OpenVMS Systems Management & Programming" |
|---------------------------------------------------------|
| South Australia 5081 | Phone: +61 8 8221 5188 |
|---------------------------| Mobile: 0414 422 947 |
| A.C.N. 068 409 156 | FAX: +61 8 8221 7199 |
+---------------------------------------------------------+
------
+-------------------------------+----------------------------------------+
| Dan O'Reilly | "There are 10 types of people in this |
| Principal Engineer | world: those who understand binary |
| Process Software | and those who don't." |
| http://www.process.com | |
+-------------------------------+----------------------------------------+
Loading...