From: Arone Silimantia
To: freebsd-security@freebsd.org
Date: Mon, 5 Feb 2007 17:51:38 -0800 (PST)
Subject: post-reload SSH server key transfer ... comments ?
Message-ID: <14020.63738.qm@web58603.mail.re3.yahoo.com>

I am going to be replacing system X with system Y (which is much faster, newer).
I will load up the new system from scratch, and then just copy over the user data from the old system. Then I will turn off the old system for good, and set the IP and hostname of the new system to match the old one.

Easy. Except everyone's ssh connections will complain loudly about potential MITM attacks, etc. ...

So, am I correct that I can just tar up /etc/ssh on the old system and use it to overwrite /etc/ssh on the new system, and that's that? No warning message or other problems?

ALSO, am I correct that if I copy over their home directories that contain their ~/.ssh/authorized_keys that those will continue to work just fine even though they are on a new server?

I guess as far as remote users are concerned, it _won't_ be a new system - since hostname, IP, and host ssh keys will be the same ... but I like to be careful and that is why I am asking for a sanity check here...

All comments appreciated.

Thanks.
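
The host key move asked about above, as an added example that is not part of the original message: SSH clients pin the server's public host key in known_hosts, so the warning is avoided only if the new machine presents exactly the same key files. The function names are hypothetical, and the sketch assumes the host keys follow the stock OpenSSH naming `ssh_host_*` inside the ssh configuration directory.

```shell
#!/bin/sh
# Added example, not from the original message. Function names are
# hypothetical; directories are parameters so the move can be rehearsed on
# scratch copies before touching /etc/ssh.

# Archive the host key pairs from the old ssh directory, keeping file modes.
# ARCHIVE must be an absolute path; it holds private keys, hence umask 077.
pack_host_keys() {      # usage: pack_host_keys OLD_SSH_DIR ARCHIVE
    ( umask 077; cd "$1" && tar -cpf "$2" ssh_host_* )
}

# Unpack into the new ssh directory and set the modes sshd expects.
install_host_keys() {   # usage: install_host_keys ARCHIVE NEW_SSH_DIR
    tar -xpf "$1" -C "$2" || return 1
    for k in "$2"/ssh_host_*; do
        case "$k" in
            *.pub) chmod 644 "$k" ;;
            *)     chmod 600 "$k" ;;
        esac
    done
}

# Return 0 only if every old host key file is byte-identical in the new
# directory and every private key there has mode 600 or 400.
verify_host_keys() {    # usage: verify_host_keys OLD_SSH_DIR NEW_SSH_DIR
    rc=0
    for old in "$1"/ssh_host_*; do
        name=${old##*/}
        if ! cmp -s "$old" "$2/$name"; then
            echo "MISMATCH: $name (clients would see a changed host key)" >&2
            rc=1
        fi
    done
    loose=$(find "$2" -type f -name 'ssh_host_*' ! -name '*.pub' \
                 ! -perm 600 ! -perm 400)
    if [ -n "$loose" ]; then
        echo "LOOSE PERMISSIONS: $loose" >&2
        rc=1
    fi
    return $rc
}
```

Running `verify_host_keys` before the old hostname and IP are pointed at the new machine catches a host that is still using the keys generated during its fresh install.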