SSH Host keys – know when to keep 'em and when to change them
brian_s
This is done to prevent a man-in-the-middle attack, which is when a malicious server presents itself as another server in order to capture passwords or other information. If SSH didn't have host keys, you wouldn't know for sure whether you were connecting to the server you intended or just an impostor.
When you connect and your SSH client detects that the SSH host key doesn't match, it will display a warning message. Almost always this isn't because of a man-in-the-middle attack, but rather because the system administrator has re-imaged the operating system, migrated to a new server, etc. Another concern is automated scripts that use SSH: they will probably stop working if the SSH host key is changed, because SSH will prevent the connection until the new host key is accepted on the client. So if you don't properly manage your SSH host keys, at best you are going to confuse and inconvenience users, and at worst you are going to cause production problems because scripts using SSH could stop working.
Read on to find out how to prevent these problems.
The SSH host keys are simply several files on the server under /etc/ssh:
If you are going to re-image a server, or replace a server, and you don't want all the SSH clients to notice the difference, simply back up these 6 files, copy them over after you have re-imaged or replaced the server (make sure to set the same permissions on them as they originally had), and then restart SSH (on AIX: stopsrc -s sshd; startsrc -s sshd). When your SSH clients connect, they will successfully verify the SSH host key and will think they are connecting to the original server.
When you SHOULD change the SSH host key
On the other end of the spectrum, there are times when you should purposely change the SSH host key. For example, if you are building multiple servers from the same mksysb image, they will all have the same SSH host key. This can have negative security implications and can also confuse some monitoring tools that expect the SSH host public keys to be unique. It is best practice, for security's sake, for every server to have a unique SSH host key.
If you are building many servers from the same mksysb image, it is very easy to generate unique SSH keys. Simply delete the 6 files I listed above, and then run these commands:
ssh-keygen -t rsa1 -f /etc
ssh-keygen -t rsa -f /etc
ssh-keygen -t dsa -f /etc
When prompted for a passphrase, press Enter to leave the passphrase empty.
Then restart SSH (on AIX: stopsrc -s sshd; startsrc -s sshd) and you should be good to go with a new unique SSH host key.
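To confirm that servers built from the same image really ended up with unique host keys, the following added example (not part of the original post) groups hosts by host key fingerprint and reports any key shared by more than one host. It assumes input in the "host keytype base64key" format that ssh-keyscan prints; the function names, host names and keys are constructed for illustration.

```python
import base64
import hashlib
import struct
from collections import defaultdict


def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def find_shared_host_keys(scan_text):
    """Return {(keytype, fingerprint): [hosts]} for keys seen on 2+ hosts."""
    groups = defaultdict(set)
    for line in scan_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue  # blank line, comment, or malformed entry
        host, keytype, blob = fields[:3]
        try:
            groups[(keytype, fingerprint(blob))].add(host)
        except ValueError:
            continue  # key column is not valid base64; skip it
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}


def _sample_blob(seed):
    """Constructed ssh-ed25519-shaped blob for the demo; not a real key."""
    name, key = b"ssh-ed25519", hashlib.sha256(seed).digest()
    raw = struct.pack(">I", len(name)) + name + struct.pack(">I", len(key)) + key
    return base64.b64encode(raw).decode()


# Constructed sample: two hosts cloned from one image, one rebuilt, one bad line.
IMAGE_KEY = _sample_blob(b"golden-image")
SAMPLE_SCAN = "\n".join([
    "# constructed sample in ssh-keyscan output format",
    f"app01.example.com ssh-ed25519 {IMAGE_KEY}",
    f"app02.example.com ssh-ed25519 {IMAGE_KEY}",
    f"db01.example.com ssh-ed25519 {_sample_blob(b'db01')}",
    "broken.example.com ssh-ed25519 not*base64",
])

if __name__ == "__main__":
    for (keytype, fp), hosts in find_shared_host_keys(SAMPLE_SCAN).items():
        print(f"{keytype} {fp} shared by: {', '.join(hosts)}")
```

Any host listed in the output still carries the image's key and needs its host key regenerated.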