ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    SSH Keys and migrating to a new device

    Scheduled Pinned Locked Moved IT Discussion
    ssh keysmigration
    20 Posts 7 Posters 2.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • JaredBuschJ
      JaredBusch
      last edited by

      Here is how you do it assuming Fedora/Korora 25

      We are assuming that the username is the same on both machines because this is a migration.

      • On the new machine, start the SSH server. Since this is a laptop/desktop, it should not be running normally.
      systemctl start sshd
      
      • On the new machine, make sure you have no private key yet. There should not be anything here. If there is, you have to figure out what you are already using a private key for.
      [12:53 jbusch ~]$ ls -la ~/.ssh/
      drwx------.  2 jbusch jbusch 4096 May 28 23:50 .
      drwxrwxr-x+ 32 jbusch jbusch 4096 Jun 28 21:38 ..
      
      • On the old machine use rsync to transfer everything.
      rsync /home/jbusch/.ssh/* [email protected]:/home/jbusch/.ssh/
      [email protected]'s password: 
      
      • On your new machine turn the SSH server back off
      systemctl stop sshd
      
      • Test a login from your new machine to some server
      ssh 10.254.0.108
      Last login: Fri Jun 30 12:53:31 2017 from 24.14.15.238
      [jbusch@relay ~]$
      
      wirestyle22W 1 Reply Last reply Reply Quote 3
      • wirestyle22W
        wirestyle22 @JaredBusch
        last edited by wirestyle22

        @JaredBusch Thanks. This is great. I'm going to spin some VM's up on my home server and do this

        JaredBuschJ 1 Reply Last reply Reply Quote 0
        • JaredBuschJ
          JaredBusch @wirestyle22
          last edited by JaredBusch

          @wirestyle22 said in SSH Keys and migrating to a new device:

          @JaredBusch Thanks. This is great

          Again, you want a unique private key on every device, in order to lock things out discretely. Otherwise if you simply had the same private key everywhere, you would lose all access form every device just because your laptop was compromised and you had to lock out the public key.

          So this process is really only something that should ever happen on a profile migration.

          scottalanmillerS wirestyle22W stacksofplatesS 3 Replies Last reply Reply Quote 3
          • scottalanmillerS
            scottalanmiller @JaredBusch
            last edited by

            @JaredBusch said in SSH Keys and migrating to a new device:

            @wirestyle22 said in SSH Keys and migrating to a new device:

            @JaredBusch Thanks. This is great

            Again, you want a unique private key on every device, in order to lock things out discretely. Otherwise if you simply had the same private key everywhere, you would lose all access form every device just because your laptop was compromised and you had to lock out the public key.

            So this process is really only something that should ever happen on a profile migration.

            I agree. And you want your keys labelled with their origination device, easier to track.

            wirestyle22W 1 Reply Last reply Reply Quote 0
            • wirestyle22W
              wirestyle22 @JaredBusch
              last edited by

              @JaredBusch said in SSH Keys and migrating to a new device:

              @wirestyle22 said in SSH Keys and migrating to a new device:

              @JaredBusch Thanks. This is great

              Again, you want a unique private key on every device, in order to lock things out discretely. Otherwise if you simply had the same private key everywhere, you would lose all access form every device just because your laptop was compromised and you had to lock out the public key.

              So this process is really only something that should ever happen on a profile migration.

              Understood. That would make administrating those devices unnecessarily difficult

              1 Reply Last reply Reply Quote 0
              • wirestyle22W
                wirestyle22 @scottalanmiller
                last edited by

                @scottalanmiller said in SSH Keys and migrating to a new device:

                @JaredBusch said in SSH Keys and migrating to a new device:

                @wirestyle22 said in SSH Keys and migrating to a new device:

                @JaredBusch Thanks. This is great

                Again, you want a unique private key on every device, in order to lock things out discretely. Otherwise if you simply had the same private key everywhere, you would lose all access form every device just because your laptop was compromised and you had to lock out the public key.

                So this process is really only something that should ever happen on a profile migration.

                I agree. And you want your keys labelled with their origination device, easier to track.

                If you're nuking the profile after you migrate it what benefit would that give you?

                JaredBuschJ scottalanmillerS 2 Replies Last reply Reply Quote 0
                • JaredBuschJ
                  JaredBusch @wirestyle22
                  last edited by

                  @wirestyle22 said in SSH Keys and migrating to a new device:

                  @scottalanmiller said in SSH Keys and migrating to a new device:

                  @JaredBusch said in SSH Keys and migrating to a new device:

                  @wirestyle22 said in SSH Keys and migrating to a new device:

                  @JaredBusch Thanks. This is great

                  Again, you want a unique private key on every device, in order to lock things out discretely. Otherwise if you simply had the same private key everywhere, you would lose all access form every device just because your laptop was compromised and you had to lock out the public key.

                  So this process is really only something that should ever happen on a profile migration.

                  I agree. And you want your keys labelled with their origination device, easier to track.

                  If you're nuking the profile after you migrate it what benefit would that give you?

                  He means on the server side.

                  1 Reply Last reply Reply Quote 1
                  • scottalanmillerS
                    scottalanmiller @wirestyle22
                    last edited by

                    @wirestyle22 said in SSH Keys and migrating to a new device:

                    @scottalanmiller said in SSH Keys and migrating to a new device:

                    @JaredBusch said in SSH Keys and migrating to a new device:

                    @wirestyle22 said in SSH Keys and migrating to a new device:

                    @JaredBusch Thanks. This is great

                    Again, you want a unique private key on every device, in order to lock things out discretely. Otherwise if you simply had the same private key everywhere, you would lose all access form every device just because your laptop was compromised and you had to lock out the public key.

                    So this process is really only something that should ever happen on a profile migration.

                    I agree. And you want your keys labelled with their origination device, easier to track.

                    If you're nuking the profile after you migrate it what benefit would that give you?

                    That you know that that one key still represents just one device.

                    1 Reply Last reply Reply Quote 1
                    • wirestyle22W
                      wirestyle22
                      last edited by

                      @JaredBusch @scottalanmiller OH, got it. Thanks.

                      1 Reply Last reply Reply Quote 0
                      • stacksofplatesS
                        stacksofplates @JaredBusch
                        last edited by stacksofplates

                        @JaredBusch said in SSH Keys and migrating to a new device:

                        @wirestyle22 said in SSH Keys and migrating to a new device:

                        @JaredBusch Thanks. This is great

                        Again, you want a unique private key on every device, in order to lock things out discretely. Otherwise if you simply had the same private key everywhere, you would lose all access form every device just because your laptop was compromised and you had to lock out the public key.

                        So this process is really only something that should ever happen on a profile migration.

                        Ya it's a big advantage to having automounted home directories or having LDAP store the keys. You can easily revoke and add another key and have it work everywhere.

                        Or using Kerberos instead of pub/priv keys.

                        I realize @JaredBusch knows this, but for others who may not.

                        1 Reply Last reply Reply Quote 3
                        • 1 / 1
                        • First post
                          Last post