I've done this precise sort of thing on a set of Solaris machines (duplicated the SSH host key) that participate in a cluster. There is no reason I can imagine why this wouldn't be a reasonable thing for you to do for the circumstances you describe. Decide which machine's SSH host key is the one to be used for both machines, then copy /etc/ssh/ssh_host*key* from that machine to the other. You may like to first save the old keys from the target machine in another backup directory for fallback, just in case an unexpected problem arises later.
Once this is done, any SSH clients who have established connections to the 2nd machine in the past while it was still using its original host key may now still have that old public key in their private 'known hosts' list. That's OK, but the user of the SSH client may see a warning that a host-spoof is suspected as soon as he/she tries to connect (after the host key has been replaced). So you might get a few phone calls. If possible and practical, it would be good to check all the SSH clients' 'known hosts' lists and remove the obsolete entry (it will get recreated automatically later during the next SSH connection).

Bill

[EMAIL PROTECTED] wrote:
> Maybe this is slightly off topic because it is more of an ssh question,
> sorry.
>
> I have two openbsd boxes running sshd. They are mirrors of each other, and
> we switch between them every two weeks. They have their own IP numbers,
> 10.1.1.42, and 10.1.1.43, but whichever machine is the production box gets
> the IP number 10.1.1.44 and you can no longer get to that machine via its
> own IP number.
>
> Currently all employees telnet into the production box. I want to get that
> switched over to ssh. The trouble is the host key appearing to change every
> two weeks. Can I just duplicate the host key from one box onto the other
> box? And which key file[s] would that be that I need to copy? Or do I need
> to see about turning off host key checking on our client?
>
> --ja

--
William Bloom | Snr Systems Engineer | M P H A S I S
Architecting Value | Eldorado Computing
5353 North 16th Street, Suite 400
Phoenix, Az 85016
Direct: +11-602-604-3100 | Fax: +11-602-604-3115 | http://www.eldocomp.com
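The known-hosts check described in the reply above, as an added example that is not part of the original message: a POSIX shell function that lists the entries in a client's known_hosts file that still carry the old key for the given addresses. The key blobs and the `prod` alias are constructed placeholders, and the function assumes the new public key file holds a single key, so it is run once per key type.

```shell
#!/bin/sh
# Added example (not from the original thread). List known_hosts entries that
# name one of the given hosts with the same key type as the new host public key
# but a different key, i.e. the obsolete entries left after the copy.
# Usage: stale_known_hosts KNOWN_HOSTS NEW_HOST_PUBKEY HOST [HOST...]
stale_known_hosts() {
    kh=$1; pub=$2; shift 2
    awk -v hosts="$*" '
        BEGIN { n = split(hosts, h, " "); for (i = 1; i <= n; i++) want[h[i]] = 1 }
        # First file: the new public key, "keytype base64 [comment]".
        NR == FNR { if (NF >= 2) { newtype = $1; newkey = $2 }; next }
        /^[ \t]*(#|$)/ { next }            # comments and blank lines
        $1 ~ /^@/      { next }            # @cert-authority / @revoked lines: leave alone
        $1 ~ /^\|1\|/  { hashed++; next }  # HashKnownHosts entry: host name not readable
        {
            hit = 0
            m = split($1, names, ",")
            for (i = 1; i <= m; i++) {
                name = names[i]
                # "[host]:port" is the form used for non-default ports
                if (name ~ /^\[/) { sub(/^\[/, "", name); sub(/\]:[0-9]+$/, "", name) }
                if (name in want) hit = 1
            }
            if (hit && $2 == newtype && $3 != newkey) print FNR, $1, $2
        }
        END { if (hashed) print hashed " hashed entries not checked" > "/dev/stderr" }
    ' "$pub" "$kh"
}

# Constructed sample data: the key blobs are placeholders, not real keys.
demo_stale_known_hosts() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'ssh-ed25519 AAAAKEY42 root@box42' > "$d/new.pub"
    cat > "$d/known_hosts" <<'EOF'
# sample client file
10.1.1.42 ssh-ed25519 AAAAKEY42
10.1.1.43 ssh-ed25519 AAAAKEY43
10.1.1.44,prod ssh-ed25519 AAAAKEY43
[10.1.1.43]:2222 ssh-ed25519 AAAAKEY43
|1|c2FsdA==|aGFzaA== ssh-ed25519 AAAAKEY43
EOF
    stale_known_hosts "$d/known_hosts" "$d/new.pub" 10.1.1.43 10.1.1.44
    rm -rf "$d"
}
demo_stale_known_hosts
```

Each reported line number can then be cleared with `ssh-keygen -R <host>` on that client, which also removes hashed entries that this function cannot read.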

