Generate /etc/ssh/ssh_host_dsa_key
On the monitored host, generate an SSH key. For example: $ ssh-keygen -t rsa -N ' -f /etc/ssh/sshhostkey If using puttygen, click Generate and follow the instructions on-screen. The key can be generated using RSA (SSH1 or SSH2), DSA, or ECDSA. All are supported by MySQL Enterprise Monitor. So this more about logging of unnecessary messages in the default configuration. By default, only RSA keys are created and no particular keys are set in sshdconfig so that sshd tries use all 3 types - dsa,rsa, ecdsa - regardless of their existence.
How do I create a host key file to use with my applications as I can not use system defined /etc/ssh/ssh_host_rsa_key for non-root account under Linux / Unix / Apple OS X / *BSD operating systems?
You need to use a command called ssh-keygen. This command generates, manages and converts authentication keys for ssh. It can create RSA keys for use by SSH protocol version 1 and RSA or DSA keys for use by SSH protocol version 2. he type of key to be generated is specified with the -t option. If invoked without any arguments, ssh-keygen will generate an RSA key for use in SSH protocol 2 connections. The -f option specifies the filename of the key file.
Why create a new host key files?
You may need a new key file:
- Your system is compromised.
- Your keys are stolen.
- You forgotten the passphrase.
- Your application need a new host key.
- You can not read the default system key files stored in /etc/ssh/ directory but your non-root application needs key.
- You got an error message which read as “Could not load host key: /etc/ssh/ssh_host_key*”.
ssh-keygen Syntax
The syntax is:
Example
Create a host key file in your $HOME/.ssh/myapp as follows. First, create a directory to store your host key file, enter:$ mkdir -p $HOME/.ssh/myapp
To create a host RSAv2 key file, run:$ ssh-keygen -t rsa -f $HOME/.ssh/myapp/rsa_key_file
Sample outputs:
Type the following commands to verify the keys:$ ls -l $HOME/.ssh/myapp/
Sample outputs:
You can now use keys with your app:$ mycool-app -key $HOME/.ssh/myapp/rsa_key_file -d
ADVERTISEMENTS
[donotprint][/donotprint]To regenerate keys you need to delete old files and reconfigure openssh-server. It is also safe to run following commands over remote ssh based session
. Your existing session shouldn’t be interrupted.Why regenerate new ssh server keys?
Most Linux and Unix distribution create ssh keys for you during the installation of the OpenSSH server package. But it may be useful to be able re-generate new server keys from time to time. For example, when you duplicate VM (KVM or container) which contains an installed ssh package and you need to use different keys from cloned KVM VM guest/machine.
Steps to regenerate OpenSSH host keys on Linux
Let us see all steps
Step 1 – Delete old ssh host keys
Login as the root and type the following command to delete files on your SSHD server:# /bin/rm -v /etc/ssh/ssh_host_*
Sample outputs:
Step 2 – Debian or Ubuntu Linux Regenerate OpenSSH Host Keys
Now create a new set of keys on your SSHD server, enter:# dpkg-reconfigure openssh-server
Sample output:
You just regenerated new ssh server keys. You need to restart ssh server:$ sudo systemctl restart ssh
OR$ /etc/init.d/ssh restart
Step 3 – Update all ssh client(s) known_hosts files
Finally, you need to update ~/.ssh/known_hosts files on client computers, otherwise everyone will see an error message that read as follows:
Generate /etc/ssh/ssh_host_dsa_key Pdf
Either remove host fingerprint or update the file using vi text editor (command must be typed on client machine):$ ssh-keygen -R remote-server-name-here
Now login using the ssh command:$ ssh vivek@server1.cyberciti.biz
Conclusion
You just regenerated OpenSSH Host Keys on a Debian or Ubuntu Linux using the dpkg-reconfigure command. For more info see the man page or this wiki page here:$ man dpkg-reconfigure
$ man sshd
Ssh Regenerate Host Key
ADVERTISEMENTS