[Discuss] SSH and Server OS Migration

[jbk at kjkelra.com (jbk)]

On 9/8/21 9:51 AM, Eric Chadbourne wrote:
>
> On 9/8/21 9:26 AM, jbk wrote:
>> I am migrating my home file and backup server from SL 7 
>> to Rocky 8 in a dual boot arrangement. It serves three or 
>> four other notebooks and workstation. The backup program 
>> (BackupPC) uses ssh on the client machines to call rsync 
>> and transmit the backup data.
>> What I though I could do so that I didn't have to update 
>> the "knownhosts" file on all machines was to substitute 
>> the public and private keys on Rocky with those from SL 7 
>> ( /etc/ssh). This did not work, as I get the error 
>> fingerprint does not match from other machine.
>> I thought I had done this 10 years ago when I last 
>> upgraded the server. Since then SSH has changed the 
>> allowed key types (dsa to escda) for better encryption 
>> and I had to go through the process of updating the keys 
>> and knownhost files on all the machines.
>> It is going to take me a while to get the backup server 
>> configured on Rocky so I will be continuing to use SL 7 
>> during this process.
>> Is it possible to substitute the keys on Rocky for those 
>> on SL 7?
>>
>
>
> I think you can either write a two line bash script to 
> remove and add the keys, or look at StrictHostKeyChecking.
>
> Eric
These seem reasonable routes to pursue during the transition 
phase on one of the client machines. It's easy enough to 
create two knownhosts files and substituting one for the 
other during the testing phase. I will just have to update 
all the knownhosts files once the final transition is made.

Rocky does come with a nifty tool ( cockpit ) that was 
helpful during the initial set up, but it is tied to the 
original SSH keys and would be broken with my intended approach.


-- 
Jim Kelly-Rand
jbk at kjkelra.com