[Discuss] SSH and Server OS Migration

[jbk at kjkelra.com (jbk)]

On 9/8/21 7:58 PM, Matthew Gillen wrote:
> ...
>>>> Is it possible to substitute the keys on Rocky for those on SL 7?
>>>>
>>>
>>> I think you can either write a two line bash script to remove and add
>>> the keys, or look at StrictHostKeyChecking.
>>>
>>> Eric
>> These seem reasonable routes to pursue during the transition phase on
>> one of the client machines. It's easy enough to create two knownhosts
>> files and substituting one for the other during the testing phase. I
>> will just have to update all the knownhosts files once the final
>> transition is made.
>>
>> Rocky does come with a nifty tool ( cockpit ) that was helpful during
>> the initial set up, but it is tied to the original SSH keys and would be
>> broken with my intended approach.
> If you want to get fancy you could put the server key fingerprint in DNS
> and set the default configuration on the client boxes to include
> VerifyHostKeyDNS
>
> It will then implicitly trust a host key that matches the DNS record.  e.g.
> https://www.matoski.com/article/sshfp-dns-records/
>
> Matt
> _______________________________________________
> Discuss mailing list
> Discuss at lists.blu.org
> http://lists.blu.org/mailman/listinfo/discuss
> .
I think I'm set with just substituting knownhosts files. I 
imagine to accomplish what you suggest would require 
implementing on my dd-wrt router. My environment is pretty 
static so updating the key on 5 machines isn't to much work. 
For testing I only needed to switch back and forth on one 
notebook. Migrating the BackupPC server is going much 
quicker than I thought.
Thanks,

Jim