From: Brooks Davis
To: Arone Silimantia
Cc: freebsd-security@freebsd.org
Date: Mon, 5 Feb 2007 21:29:27 -0600
Subject: Re: post-reload SSH server key transfer ... comments ?
Message-ID: <20070206032927.GB55215@lor.one-eyed-alien.net>
In-Reply-To: <14020.63738.qm@web58603.mail.re3.yahoo.com>

On Mon, Feb 05, 2007 at 05:51:38PM -0800, Arone Silimantia wrote:
>
> I am going to be replacing system X with system Y (which is much
> faster, newer).
>
> I will load up the new system from scratch, and then just copy over
> the user data from the old system. Then I will turn off the old
> system for good, and set the IP and hostname of the new system to
> match the old one.
>
> Easy. Except everyone's ssh connections will complain loudly about
> potential MITM attacks, etc. ...
>
> So, am I correct that I can just tar up /etc/ssh on the old system and
> use it to overwrite /etc/ssh on the new system, and that's that ? No
> warning message or other problems ?

Yes. Actually, the files you need are "/etc/ssh/*_key
/etc/ssh/*_key.pub". The others may contain settings you want to move,
but don't affect the machine's ssh identity.

> ALSO, am I correct that if I copy over their home directories that
> contain their ~/.ssh/authorized_keys that those will continue to work
> just fine even though they are on a new server ?

Yes, they contain no knowledge of the server they are on.

-- Brooks
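
The transfer described in the reply above, as an added shell example that is not part of the original message: it copies only the `*_key` and `*_key.pub` files from a copy of the old `/etc/ssh` into the new one, leaves the other files alone, and then checks the result. The function names and the two directory arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: carry the SSH host identity from an old /etc/ssh to a new one.
# Both arguments are directory paths chosen by the caller (assumptions), e.g.
# an unpacked copy of the old system's /etc/ssh and the new system's /etc/ssh.

# Copy only the host key pairs; sshd_config and other files are not touched.
copy_host_keys() {
    old=$1 new=$2 count=0
    for priv in "$old"/*_key; do
        [ -f "$priv" ] || continue            # glob matched nothing
        name=$(basename "$priv")
        # Create the private key unreadable to others: sshd refuses to load
        # private host keys with loose permissions.
        ( umask 077 && cp "$priv" "$new/$name" ) || return 1
        chmod 600 "$new/$name" || return 1
        if [ -f "$priv.pub" ]; then
            cp "$priv.pub" "$new/$name.pub" || return 1
            chmod 644 "$new/$name.pub" || return 1
        fi
        count=$((count + 1))
    done
    [ "$count" -gt 0 ]                        # fail if no host keys were found
}

# Check that every key file on the new side is byte-identical to the old one
# and that private keys are mode 600. Returns non-zero on the first problem.
verify_host_keys() {
    old=$1 new=$2
    for f in "$old"/*_key "$old"/*_key.pub; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        cmp -s "$f" "$new/$name" || { echo "MISMATCH: $name" >&2; return 1; }
    done
    for priv in "$new"/*_key; do
        [ -f "$priv" ] || continue
        mode=$(ls -l "$priv" | cut -c1-10)
        [ "$mode" = "-rw-------" ] || { echo "BAD MODE: $priv" >&2; return 1; }
    done
}

# Stand-alone use: sh script.sh /path/to/old-etc-ssh /etc/ssh
if [ "$#" -eq 2 ]; then
    copy_host_keys "$1" "$2" && verify_host_keys "$1" "$2"
fi
```

Running `ssh-keygen -l -f` on each `.pub` file on both machines prints the fingerprints, which should match if clients are to see the same host identity.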