How to regenerate new ssh server keys
This is an unusual topic, since most distributions create these keys for you during the installation of the OpenSSH server package, on sites ranging from small blogs to huge e-commerce websites. But it can be useful to be able to generate new server keys from time to time; this happens to me when I duplicate a Virtual Private Server which contains an installed ssh package.
OpenSSH requires different keys depending on whether you use the SSH1 and/or the SSH2 protocol. All keys are generated by ssh-keygen, which should be available on your system with the ssh package. The recipe is almost the same as for generating your own keys, except that you should use an empty passphrase, since sshd has to load the host keys without anyone typing a passphrase. The default key lengths are also appropriate (2048 bits for rsa and 1024 bits for dsa).
SSH1 protocol
For the SSH1 protocol, you need an rsa1 key, generated as follows:
ssh-keygen -q -f /etc/ssh/ssh_host_key -N '' -t rsa1
SSH2 protocol
For the SSH2 protocol, you need two keys, one rsa key and one dsa key, generated as follows:
ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa
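As an added example (not part of the original article), the SSH2 steps above can be wrapped in a shell function that generates both the rsa and the dsa key, keeps the previous pair as a backup and reports each new fingerprint. The ssh_host_rsa_key file name follows the naming pattern of the other key files; the function name, the backup suffix and the "unsupported" handling for OpenSSH builds that reject a key type are assumptions of this example.

```shell
#!/bin/sh
# Added example: regenerate the SSH2 host keys in a directory (default /etc/ssh).
# Key types follow the article (rsa, dsa); regen_host_keys is a hypothetical name.
# Usage (as root): sh regen_host_keys.sh /etc/ssh

# regen_host_keys DIR -> prints one "<type> <status> [fingerprint]" line per key type
regen_host_keys() {
    dir=${1:-/etc/ssh}
    stamp=$(date +%Y%m%d%H%M%S)
    for type in rsa dsa; do
        key="$dir/ssh_host_${type}_key"
        # Move the old pair aside instead of deleting it, so it can be
        # restored; mv keeps the restrictive mode of the private key.
        for f in "$key" "$key.pub"; do
            if [ -e "$f" ]; then
                mv "$f" "$f.old-$stamp"
            fi
        done
        # -q: quiet, -N '': empty passphrase so sshd can load the key unattended.
        if ssh-keygen -q -f "$key" -N '' -t "$type" 2>/dev/null; then
            chmod 600 "$key"
            chmod 644 "$key.pub"
            # Field 2 of "ssh-keygen -l" output is the fingerprint.
            fp=$(ssh-keygen -l -f "$key.pub" | awk '{print $2}')
            echo "$type generated $fp"
        else
            # Assumption: a build may refuse a key type (for example dsa);
            # report it and continue with the remaining types.
            echo "$type unsupported"
        fi
    done
}

# Only act when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    regen_host_keys "$1"
fi
```

Restart sshd after regenerating so it loads the new keys. Clients that connected before will get a host key mismatch warning, so compare the fingerprints printed here with what they see before accepting the new key.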