Jun 09, 2018 H ow do I regenerate OpenSSH sshd server host keys stored in /etc/ssh/sshhost. files? Can I safely regenerate ssh host keys using remote ssh session as my existing ssh connections shouldn’t be interrupted on Debian or Ubuntu Linux? Jul 29, 2019 Establishing an SSH (Secure Shell) connection is essential to log in and effectively manage a remote server. Encrypted keys are a set of access credentials used to establish a secure connection. This guide will walk you how to generate SSH keys on Ubuntu 18.04.
Sshd Generate /etc/ssh/ssh_host_rsa_key
This is an unusual topic since most distribution create these keys for you during the installation of the OpenSSH server package. But it may be useful to be able generate new server keys from time to time, this happen to me when I duplicate Virtual Private Server which contains an installed ssh package.
OpenSSH require different keys depending if you use SSH1 and/or SSH2 protocol. All keys are generated by ssh-keygen, that one should be available on your system with the ssh package. The receipt is almost the same as for generating your own keys, except that you should use an empty passphrase. Default key lengths are also appropriate (2048 bits for rsa and 1024 bits for dsa)
SSH1 protocol
For SSH1 protocol, you need a rsa1 key generated has follow:
SSH2 protocol
For SSH2 protocol, you need two keys, one RSA key and one DSA key generated has follow:
Since January 2011, OpenSSH also support ECDSA key, you may generate a new one using:
- Help article
For a Linux VPS, all you have to do to generate new hostkeys on the server is use ssh-keygen (included with the standard OpenSSH package) to perform the following commands for both SSH protocols (ultimately you must perform all three commands). Make sure that the -N is followed by two single quotation marks and that all three file names are different.
SSH1 protocol
For the SSH1 protocol you only require an RSA1 key: ssh-keygen -f /etc/ssh/ssh_host_key -N ' -t rsa1
SSH2 protocol
For the SSH2 protocol you need two keys, for rsa and dsa: SSH2 protocol
![Ssh Ssh](/uploads/1/2/6/0/126064196/735246396.gif)
ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N ' -t rsa
ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N ' -t dsa
The authenticity of host xxx can't be established
If you have logged into the VPS via SSH in the past, after you regenerate the hostkeys for a new SSH connection you should get a message stating that the authenticity of the server cannot be established. This is true, because the server's fingerprint is stored in a local cache on your system: ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N ' -t dsa
The authenticity of host xxx can't be established
![Etc Ssh Ssh_host_rsa_key Generate Etc Ssh Ssh_host_rsa_key Generate](/uploads/1/2/6/0/126064196/482070271.png)
On Linux this is stored in ~/.ssh/known_hosts
On Windows it is stored in the registry under HKEY_CURRENT_USERSoftwareSimonTathamPuTTYSshHostKeys
Every time a connection is established, a comparison of the fingerprints (which look something like xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx (for rsa)) is made between the local database and the server you are contacting.
On Windows it is stored in the registry under HKEY_CURRENT_USERSoftwareSimonTathamPuTTYSshHostKeys
Every time a connection is established, a comparison of the fingerprints (which look something like xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx (for rsa)) is made between the local database and the server you are contacting.
Etc Ssh Ssh_host_rsa_key Generate Free
Removing the offending key You can remove the locally saved cache for the server and re-establish the connection, in which case you will be prompted to save the fingerprint again. On a Linux terminal, you will see the following warning:
Offending key in /home/USER/.ssh/known_hosts:15where /home/USER/.ssh/known_hosts is the file location and 15 is the line number. This enables you to use vi to jump directly to the right line so you can delete it:
vi /home/USER/.ssh/known_hosts +15
For Windows, you use regedit to find the correct registry entry and delete the offending key:
HKEY_CURRENT_USERSoftwareSimonTathamPuTTYSshHostKeys For Windows, you use regedit to find the correct registry entry and delete the offending key: