{"id":2708,"date":"2015-04-22T23:11:21","date_gmt":"2015-04-22T21:11:21","guid":{"rendered":"http:\/\/michlstechblog.info\/blog\/?p=2708"},"modified":"2015-04-23T10:33:30","modified_gmt":"2015-04-23T08:33:30","slug":"linux-regenerate-sshd-host-keys","status":"publish","type":"post","link":"https:\/\/michlstechblog.info\/blog\/linux-regenerate-sshd-host-keys\/","title":{"rendered":"Linux: Regenerate sshd host keys"},"content":{"rendered":"<div class=\"twoclick_social_bookmarks_post_2708 social_share_privacy clearfix 1.6.4 locale-en_US sprite-en_US\"><\/div><div class=\"twoclick-js\"><script type=\"text\/javascript\">\/* <![CDATA[ *\/\njQuery(document).ready(function($){if($('.twoclick_social_bookmarks_post_2708')){$('.twoclick_social_bookmarks_post_2708').socialSharePrivacy({\"services\":{\"flattr\":{\"uid\":\"Michl\",\"status\":\"on\",\"the_title\":\"Linux%3A%20Regenerate%20sshd%20host%20keys\",\"the_excerpt\":\"Hi%2C%0D%0A%0D%0Ato%20generate%20sshd%20host%20keys%2C%20for%20example%20in%20case%20of%20cloning%20a%20virtual%20linux%20instance%2C%20do%20the%20following%20steps%3A%0D%0A%0D%0ACheckout%20the%20key%20file%20names%0D%0A%0D%0Aroot%40debdevt%3A~%23%20grep%20HostKey%20%2Fetc%2Fssh%2Fsshd_config%0D%0A%23%20HostKeys%20for%20protocol%20version%202%0D%0AHostKey%20%2Fetc%2Fssh%2Fssh_host_rsa_key%0D%0AHostKey%20%2Fetc%2Fssh%2Fssh_host_dsa_key%0D%0AHostKey%20%2Fetc%2Fssh%2Fssh_host_ecdsa_key%0D%0AHostKey%20%2Fetc%2Fssh%2Fssh_host_ed25519_key%0D%0A%0D%0A%20%28more%26hellip%3B%29\",\"txt_info\":\"2 clicks for more data protection:\\r\\n\\r\\nOnly when you click here, the button will be come active and you can send your recommendation to Flattr. When activating, data are transmitted to third parties. \",\"perma_option\":\"off\"}},\"txt_help\":\"When you activate these fields by clicking, information to Flattr may be transferred abroad, and probably may also stored there.\",\"settings_perma\":\"Enable permanently and accept data transmission. \",\"info_link\":\"http:\\\/\\\/www.heise.de\\\/ct\\\/artikel\\\/2-Klicks-fuer-mehr-Datenschutz-1333879.html\",\"uri\":\"https:\\\/\\\/michlstechblog.info\\\/blog\\\/linux-regenerate-sshd-host-keys\\\/\",\"post_id\":2708,\"post_title_referrer_track\":\"Linux%3A+Regenerate+sshd+host+keys\",\"display_infobox\":\"on\"});}});\n\/* ]]> *\/<\/script><\/div><p>Hi,<\/p>\n<p>to generate sshd host keys, for example in case of cloning a virtual linux instance, do the following steps:<\/p>\n<p>Checkout the key file names<br \/>\n<code><br \/>\nroot@debdevt:~# grep HostKey \/etc\/ssh\/sshd_config<br \/>\n# HostKeys for protocol version 2<br \/>\nHostKey \/etc\/ssh\/ssh_host_rsa_key<br \/>\nHostKey \/etc\/ssh\/ssh_host_dsa_key<br \/>\nHostKey \/etc\/ssh\/ssh_host_ecdsa_key<br \/>\nHostKey \/etc\/ssh\/ssh_host_ed25519_key<br \/>\n<\/code><br \/>\n<!--more--><br \/>\nand generate new keys without a passphrase and a 4096Bit key<br \/>\n<code><br \/>\nroot@debdevt:~# ssh-keygen -b 4096 -f \/etc\/ssh\/ssh_host_rsa_key -t rsa -N \"\"<br \/>\nroot@debdevt:~# ssh-keygen -b 4096  -f \/etc\/ssh\/ssh_host_dsa_key -t dsa -N \"\"<br \/>\nroot@debdevt:~# ssh-keygen -b 4096  -f \/etc\/ssh\/ssh_host_ecdsa_key -t ecdsa -N \"\"<br \/>\nroot@debdevt:~# ssh-keygen -b 4096  -f \/etc\/ssh\/ssh_host_ed25519_key -t ed25519 -N \"\"<br \/>\n<\/code><\/p>\n<p>Last step. Ensure that only root have access to the key files<br \/>\n<code><br \/>\nroot@debdevt:~# chmod 600 \/etc\/ssh\/ssh_host_*_key<br \/>\n<\/code><br \/>\nMichael<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hi, to generate sshd host keys, for example in case of cloning a virtual linux instance, do the following steps: Checkout the key file names root@debdevt:~# grep HostKey \/etc\/ssh\/sshd_config # HostKeys for protocol version 2 HostKey \/etc\/ssh\/ssh_host_rsa_key HostKey \/etc\/ssh\/ssh_host_dsa_key HostKey \/etc\/ssh\/ssh_host_ecdsa_key HostKey \/etc\/ssh\/ssh_host_ed25519_key<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[651,652,653,224,194,650],"class_list":["post-2708","post","type-post","status-publish","format-standard","hentry","category-linux","tag-generate","tag-host","tag-keys","tag-linux-2","tag-ssh","tag-sshd"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/2708","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/comments?post=2708"}],"version-history":[{"count":6,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/2708\/revisions"}],"predecessor-version":[{"id":2714,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/2708\/revisions\/2714"}],"wp:attachment":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/media?parent=2708"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/categories?post=2708"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/tags?post=2708"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}