FlightAware Discussions

SSH server host keys on SD card installs

While cleaning up some ssh client known_hosts files, I realized that SD card installs have the same server host keys. It seems like security could be improved if I were to regenerate those keys. Is there a reason that mucks with the FlightAware connection such that I should not regenerate the keys? TIA.

The PiAware sdcard image does not ship with host keys (that’d be a security flaw); note how the pristine image doesn’t have host keys in /etc/ssh:

rootfs$ ls -l etc/ssh/
total 564
-rw-r--r-- 1 root root 565189 Feb  1  2020 moduli
-rw-r--r-- 1 root root   1580 Feb  1  2020 ssh_config
-rw-r--r-- 1 root root   3250 Feb  1  2020 sshd_config
-rw-r--r-- 1 root root    338 Mar 11 14:45 ssh_import_id

New keys are generated on first boot (see /lib/systemd/system/regenerate_ssh_host_keys.service)

If you’ve got duplicated host keys then you’ve done something like taken a backup image after first boot.

2 Likes

That’s exactly what I did after an SD card fail. I should have gone back and checked an original image. Thanks Oliver, I knew you’d have the answer.