How to create a new node certificate, ssh?

E

ettaluni2021-03-16 11:25:00

SSH

ettaluni, 2021-03-16 11:25:00

Good day! I created a clone of the virtual machine, when I connect to the clone via ssh, I get an error that the verification of the host certificate failed. I don't want to delete everything from know_host. How do I generate a new node certificate for a clone? What is it generally built from, changed the mac-address, hostname and ip.

Reply

Answer the question

In order to leave comments, you need to log in

5 answer(s)

K

ky0, 2021-03-16
@ettaluni

I don't want to delete everything from know_host

There is no need to delete anything - just re-create the keys on the server, then there will be no swearing. In debian-like systems, this is done something like this:

rm /etc/ssh/ssh_host_* ; dpkg-reconfigure openssh-server ; systemctl restart ssh

Using the same server keys, even on cloned systems, is bad manners.

B

brar, 2021-03-16
@brar

ssh-keygen -R ip_address_of_clone

U

unseriously, 2021-03-16
@unseriously

You can also do it on a clone machine: ssh-keyscan
This command will give the fingerprint of the machine, and then remove this fingerprint from known_host on the host machine

D

Dmitry, 2021-03-16
@q2digger

>> I don't want to delete everything from know_host.
remove only the line that refers to his old key.

S

Saboteur, 2021-03-16
@saboteur_kiev

I don't want to delete everything from know_host.

Well, delete the entry only for the specified host
ssh-keygen -R <here enter the host name as you write it when you connect to it>
you need to understand that in .known_hosts the keys are stored not by their name, but by the name of the host. And if I connect to the same host either by host name or by IP address - there will be two entries, both must be deleted and at the first connection it will offer to add new host keys.