On 9/8/21 7:58 PM, Matthew Gillen wrote:
...
Is it possible to substitute the keys on Rocky for those on SL 7?


I think you can either write a two line bash script to remove and add
the keys, or look at StrictHostKeyChecking.

Eric
These seem reasonable routes to pursue during the transition phase on
one of the client machines. It's easy enough to create two knownhosts
files and substitute one for the other during the testing phase. I
will just have to update all the knownhosts files once the final
transition is made.

Rocky does come with a nifty tool (cockpit) that was helpful during
the initial setup, but it is tied to the original SSH keys and would be
broken with my intended approach.
If you want to get fancy you could put the server key fingerprint in DNS
and set the default configuration on the client boxes to include
VerifyHostKeyDNS

It will then implicitly trust a host key that matches the DNS record.  e.g.
https://www.matoski.com/article/sshfp-dns-records/

Matt
_______________________________________________
Discuss mailing list
[email protected]
http://lists.blu.org/mailman/listinfo/discuss
I think I'm set with just substituting knownhosts files. I imagine to accomplish what you suggest would require implementing on my dd-wrt router. My environment is pretty static so updating the key on 5 machines isn't too much work. For testing I only needed to switch back and forth on one notebook. Migrating the BackupPC server is going much quicker than I thought.
Thanks,

Jim
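
An added example, not part of the original thread: the SSHFP/VerifyHostKeyDNS suggestion above, sketched in Python as the SHA-256 record built from a host public key line and the comparison a client makes when the server's key changes. The hostname and both keys are constructed sample values, and the function names are hypothetical.

```python
import base64
import hashlib
import struct

# SSHFP algorithm numbers (RFC 4255, RFC 6594, RFC 7479)
SSHFP_ALGS = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3,
              "ecdsa-sha2-nistp384": 3, "ecdsa-sha2-nistp521": 3,
              "ssh-ed25519": 4}
SSHFP_SHA256 = 2  # fingerprint type 2 = SHA-256


def parse_pubkey_line(line):
    """Return (key_type, raw_blob) from a 'type base64 [comment]' line."""
    fields = line.split()
    if len(fields) < 2 or fields[0] not in SSHFP_ALGS:
        raise ValueError("not a supported public key line")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    # The blob begins with a length-prefixed copy of the key type.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode("ascii"):
        raise ValueError("key type does not match key blob")
    return key_type, blob


def sshfp_record(hostname, pubkey_line):
    """Build the zone-file line for this host key (SHA-256 fingerprint)."""
    key_type, blob = parse_pubkey_line(pubkey_line)
    digest = hashlib.sha256(blob).hexdigest()
    return f"{hostname} IN SSHFP {SSHFP_ALGS[key_type]} {SSHFP_SHA256} {digest}"


def key_matches_record(record, pubkey_line):
    """True if the presented host key matches the published record."""
    published = [f.lower() for f in record.split()[-3:]]
    presented = sshfp_record("x", pubkey_line).split()[-3:]
    return published == presented


def _constructed_ed25519_line(key_bytes):
    # Constructed sample key: correct wire layout, arbitrary key bytes.
    blob = (struct.pack(">I", 11) + b"ssh-ed25519"
            + struct.pack(">I", 32) + key_bytes)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed"


HOST = "backuppc.example.org"                            # constructed hostname
OLD_KEY = _constructed_ed25519_line(bytes(range(32)))      # stands in for the SL 7 key
NEW_KEY = _constructed_ed25519_line(bytes(range(32, 64)))  # stands in for the Rocky key
```

With `VerifyHostKeyDNS yes`, OpenSSH implicitly trusts a matching record only when the DNS answer is DNSSEC-validated; a match from an unsigned zone is handled as if the option were set to `ask`.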