See comment below.

On Tue, 2016-10-25 at 15:13 -0700, Rich Shepard wrote:
>   Having new installations of Slackware-14.2 on three hosts now (two more to
> go after I get these three fully functional), I want to change my ssh
> private and public keys using a new passphrase and type.
>
>   Now, ~/.ssh/ contains authorized_keys, known_hosts, and id_dsa. My web
> search finds suggestions to use Ed25519, which 'man ssh-keygen' lists as an
> option. And, /etc/ssh/ contains the following files:
>
> moduli                ssh_host_ecdsa_key.pub    ssh_host_rsa_key.pub
> ssh_config            ssh_host_ed25519_key      sshd_config
> ssh_config.works      ssh_host_ed25519_key.pub  sshd_config.works
> ssh_host_dsa_key      ssh_host_key              supervise/
> ssh_host_dsa_key.pub  ssh_host_key.pub
> ssh_host_ecdsa_key    ssh_host_rsa_key
>
>   So, rather than changing the passphrase (the '-p' option to ssh-keygen)
> do I just generate a new one for all hosts, specifying Ed25519 as the
> encryption algorithm? And, remove all current files in ~/.ssh/?

Correct. Do not forget to update and distribute the updated authorized_keys
file, adding your new public key. You can verify that your key exchange works
by connecting with increased verbosity: ssh -vv and verifying which key is
used. If an ssh key is the only way into those hosts, keep your old key files
somewhere outside the .ssh directory until you are sure that your new key lets
you in. You can remove the old keys from the authorized_keys file when
everything is proven to be working as expected.

>
>   Advice needed so I get it all correct and cleaned up the first time.
>
> Rich
>
> _______________________________________________
> PLUG mailing list
> [email protected]
> http://lists.pdxlinux.org/mailman/listinfo/plug
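
The rotation order the reply describes (add the new key next to the old one, prove it with ssh -vv, only then remove the old one), as an added shell example that is not part of the original messages. The function names, the file paths and "host" are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): staged rotation of authorized_keys.
# Typed by hand first; paths and "host" are assumptions:
#   ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519
#   ssh -vv -i ~/.ssh/id_ed25519 -o IdentitiesOnly=yes host true 2> ssh.log

# key_blob PUB: print the base64 key blob (second field) of a .pub file.
key_blob() { awk 'NF >= 2 { print $2; exit }' "$1"; }

# has_key AUTH BLOB: succeed if a non-comment line carries BLOB as a field.
# Scanning every field copes with lines that start with options.
has_key() {
    awk -v b="$2" '!/^[ \t]*#/ { for (i = 1; i <= NF; i++) if ($i == b) f = 1 }
        END { exit !f }' "$1"
}

# add_key AUTH PUB: append the new key once; the old key stays in place.
add_key() {
    blob=$(key_blob "$2") || return 1
    [ -n "$blob" ] || return 1
    touch "$1" && chmod 600 "$1" || return 1
    if has_key "$1" "$blob"; then return 0; fi
    # Start on a fresh line if the file does not end with a newline.
    if [ -s "$1" ] && [ -n "$(tail -c 1 "$1")" ]; then echo >> "$1"; fi
    cat "$2" >> "$1"
}

# accepted_ed25519 LOG: succeed if ssh -vv output shows the server accepting
# an Ed25519 key. Exact debug wording varies between OpenSSH versions.
accepted_ed25519() { grep 'Server accepts key' "$1" | grep -qi 'ed25519'; }

# remove_key AUTH PUB LOG: drop the old key only after LOG proves the new
# key works; the previous file is kept as AUTH.bak.
remove_key() {
    accepted_ed25519 "$3" || { echo "new key not proven; keeping old" >&2; return 1; }
    blob=$(key_blob "$2") || return 1
    [ -n "$blob" ] || return 1
    cp -p "$1" "$1.bak" || return 1
    awk -v b="$blob" '{ drop = 0
        if ($0 !~ /^[ \t]*#/) for (i = 1; i <= NF; i++) if ($i == b) drop = 1
        if (!drop) print }' "$1.bak" > "$1"
}
```

Run add_key on each host's authorized_keys before testing the login, and remove_key with the old id_dsa.pub only after the captured log passes.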
