
Avoid Duplicate SSH Host Keys

It was recently discovered that a cloud hosting company mistakenly added SSH host keys to their image. Best practice is for host keys to be unique to each host. If host keys are reused, there is no way to prevent someone else, or a different system with the same key, from impersonating the host and potentially performing a man-in-the-middle attack. I also like to regenerate the host keys whenever I use a template or have to provide "root" or "sudo" access to support personnel. It also might be a good idea to regenerate the host keys every couple of years. This is the procedure that I use to do this:

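# Remove the existing host keys (private and public halves).
sudo /bin/rm /etc/ssh/ssh_host_*
# Generate a fresh key of each type. DSA is omitted: OpenSSH has disabled ssh-dss host keys by default since 7.0 and current releases no longer support it.
sudo ssh-keygen -t ed25519 -N "" -f /etc/ssh/ssh_host_ed25519_key
sudo ssh-keygen -t rsa -N "" -f /etc/ssh/ssh_host_rsa_key
sudo ssh-keygen -t ecdsa -N "" -v -b 521 -f /etc/ssh/ssh_host_ecdsa_key
# Restart the SSH daemon afterwards so it loads the new keys.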
Copyright © 2022 by Julian Easterling. SOME RIGHTS RESERVED.
Except where otherwise noted, content on this site is
licensed under a Creative Commons Attribution-Share Alike 4.0 International License.