1

I'm currently running Ubuntu 17.04 on my VPS. I want to go back to 16.04 since 17.04 is at end of life. I have a few remote systems that automatically log into this server using authorized keys. If I start fresh, how can I make sure those machines will still be able to log into the server. I do not have physical access to the remote machines.

1 Answers1

3

You need to save your ~/.ssh/authorized_keys file for the user your other servers use to login, and copy that on your new VPS. That way your SSH keys will still be valid, and the other servers will be able to login.

However, with a new install you will also get a new SSH fingerprint, and the hosts will very likely refuse to log into your new VPS.

To remedy that you can either add -o StrictHostKeyChecking=no to your SSH command (or via ~/.ssh/config) on each and every host - which I don't recommend.

Or stop your servers from panicking about the new fingerprint, you can just re-create it:

The server credentials, that make up the "fingerprint" for SSH are actually just keypairs defined in your /etc/ssh/sshd_config:

# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

Copy these files to your new VPS (with their .pub variants), make sure the paths in sshd_config point to them and the permissions (600 and 644for the .pubs) are correct, reload sshd on your new VPS, and you'll have essentially "cloned" your SSH setup.

Robert Riedl
  • 4,351