From owner-freebsd-security@FreeBSD.ORG Tue Feb 6 07:21:11 2007 Return-Path: X-Original-To: freebsd-security@freebsd.org Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 7B93616A400 for ; Tue, 6 Feb 2007 07:21:11 +0000 (UTC) (envelope-from peterjeremy@optushome.com.au) Received: from turion.vk2pj.dyndns.org (c220-239-3-125.belrs4.nsw.optusnet.com.au [220.239.3.125]) by mx1.freebsd.org (Postfix) with ESMTP id 0B26A13C4B4 for ; Tue, 6 Feb 2007 07:21:10 +0000 (UTC) (envelope-from peterjeremy@optushome.com.au) Received: from turion.vk2pj.dyndns.org (localhost.vk2pj.dyndns.org [127.0.0.1]) by turion.vk2pj.dyndns.org (8.13.8/8.13.8) with ESMTP id l167L90A001188; Tue, 6 Feb 2007 18:21:09 +1100 (EST) (envelope-from peter@turion.vk2pj.dyndns.org) Received: (from peter@localhost) by turion.vk2pj.dyndns.org (8.13.8/8.13.8/Submit) id l167L9WE001187; Tue, 6 Feb 2007 18:21:09 +1100 (EST) (envelope-from peter) Date: Tue, 6 Feb 2007 18:21:09 +1100 From: Peter Jeremy To: Arone Silimantia Message-ID: <20070206072108.GC831@turion.vk2pj.dyndns.org> References: <14020.63738.qm@web58603.mail.re3.yahoo.com> <20070206032927.GB55215@lor.one-eyed-alien.net> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="VS++wcV0S1rZb1Fb" Content-Disposition: inline In-Reply-To: <20070206032927.GB55215@lor.one-eyed-alien.net> X-PGP-Key: http://members.optusnet.com.au/peterjeremy/pubkey.asc User-Agent: Mutt/1.5.13 (2006-08-11) Cc: freebsd-security@freebsd.org Subject: Re: post-reload SSH server key transfer ... comments ? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 06 Feb 2007 07:21:11 -0000 --VS++wcV0S1rZb1Fb Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2007-Feb-05 21:29:27 -0600, Brooks Davis wrote: >On Mon, Feb 05, 2007 at 05:51:38PM -0800, Arone Silimantia wrote: >> So, am I correct that I can just tar up /etc/ssh on the old system and >> use it to overwrite /etc/ssh on the new system, and that's that ? No >> warning message or other problems ? > >Yes. Actually, the files you need are "/etc/ssh/*_key /etc/ssh/*_key.pub". >The others may contain settings you want to move, but don't effect the >machine's ssh identity. I'll go further and say that you are unlikely to want to copy the remaining files. In particular, you should merge your local changes to /etc/ssh/ssh{,d}_config because just copying those files across is quite likely to give the newer ssh a degree of indigestion. --=20 Peter Jeremy --VS++wcV0S1rZb1Fb Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (FreeBSD) iD8DBQFFyCxk/opHv/APuIcRApLQAJ0QsnWlebfxO3nDo0Mpq+EJUcG6EgCglVbl fav01GFD9Tu9x8LOxfIkLm4= =6ouq -----END PGP SIGNATURE----- --VS++wcV0S1rZb1Fb--