While cleaning up some ssh client known_hosts files, I realized that SD card installs have the same server host keys. It seems like security could be improved if I were to regenerate those keys. Is there a reason that mucks with the FlightAware connection such that I should not regenerate the keys? TIA.
The PiAware sdcard image does not ship with host keys (that’d be a security flaw); note how the pristine image doesn’t have host keys in
rootfs$ ls -l etc/ssh/
total 564
-rw-r--r-- 1 root root 565189 Feb 1 2020 moduli
-rw-r--r-- 1 root root 1580 Feb 1 2020 ssh_config
-rw-r--r-- 1 root root 3250 Feb 1 2020 sshd_config
-rw-r--r-- 1 root root 338 Mar 11 14:45 ssh_import_id
New keys are generated on first boot (see
If you’ve got duplicated host keys then you’ve done something like taken a backup image after first boot.
That’s exactly what I did after an SD card fail. I should have gone back and checked an original image. Thanks Oliver, I knew you’d have the answer.
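One way to check a client's known_hosts file for the duplicated host keys discussed in this thread, as an added example (not code from the thread or from PiAware). The host names and key blobs in `SAMPLE` are constructed, and `sample_blob` and `find_shared_host_keys` are hypothetical names.

```python
import base64
import hashlib
from collections import defaultdict

def sample_blob(seed: bytes) -> str:
    """Constructed stand-in for a base64 public key blob (not a real key)."""
    return base64.b64encode(seed * 8).decode()

# Constructed known_hosts content: piaware-1 and piaware-2 share one key,
# as happens when a card is cloned from a backup taken after first boot.
SAMPLE = "\n".join([
    "# constructed sample",
    f"piaware-1,192.0.2.10 ssh-ed25519 {sample_blob(b'AAAA')} cloned card",
    f"piaware-2 ssh-ed25519 {sample_blob(b'AAAA')}",
    f"[piaware-3]:2222 ssh-ed25519 {sample_blob(b'BBBB')}",
    f"@revoked old-host ssh-ed25519 {sample_blob(b'AAAA')}",
    f"|1|c2FsdA==|aGFzaA== ssh-rsa {sample_blob(b'CCCC')}",
])

def fingerprint(b64_key: str) -> str:
    """SHA256 fingerprint in the form printed by `ssh-keygen -l`."""
    digest = hashlib.sha256(base64.b64decode(b64_key)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def find_shared_host_keys(text: str) -> dict:
    """Map fingerprint -> sorted host fields for keys recorded under more than one entry."""
    hosts_by_fp = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        if fields[0].startswith("@"):
            continue  # @cert-authority / @revoked markers are not plain host keys
        if len(fields) < 3:
            continue  # malformed entry
        hosts, _keytype, key = fields[:3]
        try:
            fp = fingerprint(key)
        except ValueError:
            continue  # key field is not valid base64
        # The host field is kept whole, so "name,address" on one line counts once
        # and hashed entries (|1|salt|hash) stay opaque.
        hosts_by_fp[fp].add(hosts)
    return {fp: sorted(h) for fp, h in hosts_by_fp.items() if len(h) > 1}

if __name__ == "__main__":
    for fp, hosts in find_shared_host_keys(SAMPLE).items():
        print(fp, "->", ", ".join(hosts))
```

A host that the client recorded on separate lines under both its name and its address will also be reported, so confirm that the listed entries are different machines before treating a match as a cloned key.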