On Mon, 7 Nov 2016, Tom wrote:

> I'm glad that you resolved the /etc/ssh host key files.

Hi Tom,

   Me, too. Working on this issue while doing two other things causes me to
miss the obvious from time to time.

> It is common to stop sshd, remove the files and start sshd again to
> generate new set of host files. It is normally done when you create a host
> from disk image either locally or in the cloud. Otherwise you would have
> multiple hosts with identical key files, unless of course you deleted the
> key files in the image.

   Before having this issue I was unaware of the solution. Now I know.

> If you want the public key ssh to work the same way in the other
> direction (remote to local) you have two basic options:
>  a) have same authorized_keys, id_ed25519 and id_ed25519.pub in your
> accounts on all hosts (remote and local).
>  b) add public keys (id_ed25519.pub) from all remote machines to your
> local authorized_keys file.
>
> Choose the one option you like the most for your use case.

   I wondered if this was the problem; that using the same passphrase would
generate different keys because the seed was different. It does make sense.

> Option b) has higher entropy, so it should be safer in theory - if you
> are good and fast at housekeeping all those public keys.
>
> Option a) is simpler to manage, but you need to update (change) all
> keys in all hosts in case you are compromised at any one host.

   I have not yet had any host compromised. That's no guarantee it could not
(or would not) happen, but the probability is low for me.

> I hope it helps,

   It certainly does!

Many thanks,

Rich
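The two procedures Tom describes, as an added shell example that is not code from the thread: option b), merging public keys from remote hosts into a local authorized_keys file without duplicates, and the host-key regeneration for a cloned image. The systemd service name, the /etc/ssh paths and the sample key lines are assumptions.

```sh
#!/bin/sh
# Added example, not from the PLUG thread. Assumes OpenSSH on a systemd host.

# Option b): merge public keys from remote hosts into DEST without duplicates.
# Keys are compared on the "type blob" fields, so a renamed comment does not
# create a second entry, and malformed lines are skipped with a message.
# Usage: merge_pubkeys DEST_AUTHORIZED_KEYS SRC_PUB_FILE...
merge_pubkeys() {
    dest=$1; shift
    [ -f "$dest" ] || ( umask 077; : > "$dest" )
    for src in "$@"; do
        while IFS= read -r line || [ -n "$line" ]; do
            case "$line" in ''|'#'*) continue ;; esac
            keyid=$(printf '%s\n' "$line" | awk '{print $1" "$2}')
            case "$keyid" in
                "ssh-ed25519 "*|"ssh-rsa "*|"ecdsa-sha2-"*" "*|"sk-"*" "*) ;;
                *) printf 'skipping malformed line in %s\n' "$src" >&2; continue ;;
            esac
            # append only if no existing line has the same type and blob
            if ! awk -v k="$keyid" '($1" "$2)==k {f=1} END{exit !f}' "$dest"; then
                printf '%s\n' "$line" >> "$dest"
            fi
        done < "$src"
    done
    chmod 600 "$dest"
}

# Number of key lines currently in an authorized_keys file (housekeeping aid).
count_keys() { grep -c -E '^(ssh-|ecdsa-|sk-)' "$1"; }

# The cloned-image fix from the thread: stop sshd, remove the old host keys,
# regenerate them, start sshd. "ssh-keygen -A" creates every missing default
# host key type. Adjust the service commands for a non-systemd init.
regenerate_host_keys() {
    systemctl stop sshd
    rm -f /etc/ssh/ssh_host_*_key /etc/ssh/ssh_host_*_key.pub
    ssh-keygen -A
    systemctl start sshd
}
```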
_______________________________________________
PLUG mailing list
[email protected]
http://lists.pdxlinux.org/mailman/listinfo/plug