
Reinitializing SSH

Reinitializing SSH enables you to change the sizes of existing host and server keys.

Steps

  1. Cancel the existing host and server keys by stopping the SSH daemon with the following command:
    secureadmin disable {ssh1|ssh2}

    Use ssh1 to disable SSH service for SSH 1.x clients or use ssh2 to disable SSH service for SSH 2.0 clients.

  2. Enter the following command:
    secureadmin setup -f [-q] ssh

    The -f option forces setup to run even if the SSH server has already been configured.

    The -q option is the non-interactive mode for setting up SSH. See the na_secureadmin(1) man page for more information.

  3. When prompted, enter a size for the host key if you are using the SSH 1.x protocol.
  4. When prompted, enter a size for the server key if you are using the SSH 1.x protocol.
  5. When prompted, enter a size for the host key if you are using the SSH 2.0 protocol.
  6. Activate the new host and server key sizes by entering the following command:
    secureadmin enable {ssh1|ssh2}

    Use ssh1 to enable SSH service for SSH 1.x clients or use ssh2 to enable SSH service for SSH 2.0 clients.

Result

Clients that have a copy of the old host key give the following warning after they receive a new key from the storage system:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@       WARNING: HOST IDENTIFICATION HAS CHANGED!         @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the host key has just been changed.
Please contact your system administrator.
Add correct host key in /u/sisa/.ssh/known_hosts to get rid of this message.
Agent forwarding is disabled to avoid attacks by corrupted servers.
Are you sure you want to continue connecting (yes/no)?
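
Before answering yes to this prompt, check the offered key against a fingerprint of the new host key obtained over a trusted channel, then replace the stale known_hosts entry. The following is an added example, not part of the original page or of the storage system's tooling, that performs that check for OpenSSH-format known_hosts files (plain and hashed host entries, SHA256 fingerprints). The host names, key blobs and function names are constructed for illustration.

```python
import base64, hashlib, hmac

def fingerprint(key_b64):
    """OpenSSH SHA256 fingerprint of a base64-encoded public key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(field, host):
    """True if a known_hosts host field (plain list or |1|salt|hash) names host."""
    for name in field.split(","):
        if name.startswith("|1|"):
            _, _, salt, mac = name.split("|")
            calc = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1)
            if calc.digest() == base64.b64decode(mac):
                return True
        elif name == host:
            return True
    return False

def replace_host_key(known_hosts, host, offered, trusted_fp):
    """Swap host's stale key for the offered one, only if it matches trusted_fp."""
    keytype, key_b64 = offered.split()[1:3]
    if fingerprint(key_b64) != trusted_fp:
        raise ValueError("offered key does not match the trusted fingerprint")
    kept = []
    for line in known_hosts.splitlines():
        f = line.split()
        # Drop only real entries (not comments or @markers) for this host and key type.
        stale = (len(f) >= 3 and line[0] not in "#@"
                 and f[1] == keytype and host_matches(f[0], host))
        if not stale:
            kept.append(line)
    return "\n".join(kept + [f"{host} {keytype} {key_b64}"]) + "\n"

# Constructed sample data: placeholder blobs, not real keys.
HOST = "filer1.example.com"
OLD = base64.b64encode(b"constructed old host key").decode()
NEW = base64.b64encode(b"constructed new host key").decode()
KNOWN = f"other.example.com ssh-rsa {OLD}\n{HOST},192.0.2.10 ssh-rsa {OLD}\n"

if __name__ == "__main__":
    trusted = fingerprint(NEW)  # in practice: obtained over a trusted channel
    print(replace_host_key(KNOWN, HOST, f"{HOST} ssh-rsa {NEW}", trusted))
```

If the fingerprints differ, the function raises and the old entry stays in place, so the client keeps warning until the discrepancy is explained.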