How to Reset SSH Host Keys when Deploying Linux Templates in Proxmox

Рет қаралды 8,591

Күн бұрын

In this video, Jay from ‪@LearnLinuxTV‬ will go over how to create a new set of SSH host keys for each instance that you create from an image. Resetting SSH host keys, and making sure that each instance that you set up has different host keys, is vital to server security.
Chapters:
0:00 Introduction
0:50 Creating a VM in Proxmox
3:04 Installing Ubuntu Server
4:37 Resetting the Machine ID
6:12 Demonstrating the Wrong Way to go About This
8:27 Connecting to our VMs
8:56 Locating the Host Keys
9:18 What’s in a Host Key File?
10:08 Demonstrating the Right Way to go About This
11:18 Connecting to Our New VMs
11:41 Resetting the Machine ID
11:55 Creating a Template with Unique Host Keys
13:03 What’s In This Code?
15:39 Change File Permissions
15:52 Move the File
16:20 Restart systemd
16:50 Enable regenerate_ssh_host_keys.service
17:20 Checking the Key Before Regeneration
17:44 Reboot the System
17:55 Creating a Template in Proxmox
18:43 Clone the VM
19:10 Check the New Servers Keys
20:11 Conclusion
New to Cloud Computing? Get started here with a $100 credit → www.linode.com/lp/youtube-vie...
Read the doc for more information troubleshooting SSH Key Issues → www.linode.com/docs/guides/ss...
Learn more about Creating an SSH Key Pair → www.linode.com/docs/guides/us...
Subscribe to get notified of new episodes as they come out → kzfaq.info?sub_co...
#Linode #Linux #SSHKeys #AlternativeCloud
Product: Linode, SSH Host Keys, Linux; Jay LaCroix;

Пікірлер: 10

@MADhatter_AIM 5 ай бұрын

Perfect, thanks !

@pfos 2 жыл бұрын

Cool! - thanx4 the tips =)

@mixmastermaverick3336 10 ай бұрын

You got things a bit mixed up I think. You only get an SSH host key warning if you connect to an IP you previously connected to and it presents a different host key. Connecting to two different IPs that have the same host key won't give a warning. This makes sense, as the same host can have multiple IPs.

@ALVERMIC Жыл бұрын

I wanted to have a ssh key ed25519 but without password and I couldn't make it

@OsX86H3AvY 11 ай бұрын

so i might have done this incorrectly but i just ran into the same thing just now, though i installed cockpit onto my template also which opened fine of course but thats where i saw the ssh service had failed...i DID truncate the machine-id, removed ssh host keys, and did an ip address flush just prior to making the template, meaning i have no IP address conflicts, but the ssh service then wont start.....so....i just run sudo apt resintall openssh* and that seems to do fix it..had i known i probably would have NOT installed SSH (i LOVE cockpit....on ubuntu...but i'm an open source freeloader so i dont count) and then i would've installed it afterwards.....maybe next time i make a template ill remember that but for now i just added a note in the clone to remind myself how to fix it

@BorgSwarm 2 ай бұрын

This helped me. I couldn't figure out why the SSH service wasnt responding. I also use Cockpit but hadn't checked it yet.

@Okand2 14 күн бұрын

seems a bit excessive with a systemd-unit to me, I just delete the ssh_host_key files and then power the machine off, next time you boot a clone and ssh starts up it will make new keys then

@encapsulatio 2 жыл бұрын

Can you make a guide please on how to install arch packages on debian based distros? and if that is not directly possible then how to correctly convert them to deb packages.

@LA-MJ 2 жыл бұрын

Writing into urandom is naive. AFAIK it does not really work the way one would think it does. There was a discussion regarding it relatively recently. Early boot randomness is a real problem on entropy-starved systems