SSH server host keys on SD card installs

While cleaning up some ssh client known_hosts files, I realized that SD card installs have the same server host keys. It seems like security could be improved if I were to regenerate those keys. Is there a reason that mucks with the FlightAware connection such that I should not regenerate the keys? TIA.

The PiAware sdcard image does not ship with host keys (that’d be a security flaw); note how the pristine image doesn’t have host keys in /etc/ssh:

rootfs$ ls -l etc/ssh/
total 564
-rw-r--r-- 1 root root 565189 Feb  1  2020 moduli
-rw-r--r-- 1 root root   1580 Feb  1  2020 ssh_config
-rw-r--r-- 1 root root   3250 Feb  1  2020 sshd_config
-rw-r--r-- 1 root root    338 Mar 11 14:45 ssh_import_id

New keys are generated on first boot (see /lib/systemd/system/regenerate_ssh_host_keys.service).

If you’ve got duplicated host keys then you’ve done something like taken a backup image after first boot.

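As an added example (not part of the thread and not PiAware project code), the following POSIX shell script does the two things a practitioner wants after reading the answer above: it scans a client's known_hosts for servers that present the very same host key (the symptom of Pis flashed from an image taken after first boot), and it gives a guarded routine for discarding the cloned keys on a Pi so sshd gets fresh ones. The known_hosts sample is constructed, with placeholder key blobs that are not real keys; the service name `ssh` is the Debian/Raspbian default and is an assumption about the target system.

```shell
#!/bin/sh
# Added example, not from the original thread or the PiAware project.
# Groups known_hosts entries by key type + key blob, so duplicate detection
# needs no ssh-keygen. The key blobs in the sample are constructed placeholders.

# Constructed known_hosts: two Pis sharing one cloned ed25519 key, one NAS with
# its own key. A host listed under several names on one line (pi-garage and its
# IP) legitimately shares a key; two different machines sharing one do not.
SAMPLE_KNOWN_HOSTS='# comment line, ignored
pi-garage,192.168.1.20 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEclonedkey00001
pi-roof,192.168.1.21 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEclonedkey00001
nas.local ssh-rsa AAAAB3NzaC1yc2EEXAMPLEuniquekey00002
@cert-authority *.example.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEcakey00003'

# Print one line per key used by more than one hostname: "<keytype> <host> <host> ..."
# Hashed hostnames (|1|...) are grouped too; they just print as hashes.
find_duplicate_host_keys() {
    awk '
        /^[[:space:]]*(#|$)/ { next }          # skip comments and blank lines
        {
            h = 1                               # field holding the host list
            if ($1 ~ /^@/) { h = 2 }            # @cert-authority / @revoked marker
            key = $(h+1) " " $(h+2)             # key type + base64 blob
            n = split($h, hosts, ",")           # "name,ip" entries
            for (i = 1; i <= n; i++) {
                if (!((key, hosts[i]) in seen)) {
                    seen[key, hosts[i]] = 1
                    count[key]++
                    list[key] = list[key] (list[key] == "" ? "" : " ") hosts[i]
                }
            }
        }
        END {
            for (key in count)
                if (count[key] > 1) {
                    split(key, parts, " ")
                    print parts[1], list[key]
                }
        }
    ' "$1" | sort
}

# On the Pi, as root: remove the cloned keys and let ssh-keygen -A create the
# missing default host key types, then restart sshd. These keys serve only
# incoming SSH connections; nothing else on the box depends on them.
regenerate_host_keys() {
    rm -f /etc/ssh/ssh_host_*_key /etc/ssh/ssh_host_*_key.pub
    ssh-keygen -A
    systemctl restart ssh   # Debian/Raspbian unit name; assumption
}

# On each client afterwards: drop the stale entry so the new key can be
# accepted (and verified against the fingerprint shown on the Pi's console).
forget_host_key() {
    ssh-keygen -R "$1"
}

if [ "${1:-}" = "--regenerate" ]; then
    regenerate_host_keys
else
    tmp=$(mktemp)
    printf '%s\n' "$SAMPLE_KNOWN_HOSTS" > "$tmp"
    echo "hostnames sharing one host key:"
    find_duplicate_host_keys "$tmp"
    rm -f "$tmp"
fi
```

Run it with no arguments to scan the embedded sample; point `find_duplicate_host_keys` at `~/.ssh/known_hosts` to check a real client. Only run `--regenerate` on the Pi itself, after which every client needs `forget_host_key <pi>` before reconnecting.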

That’s exactly what I did after an SD card fail. I should have gone back and checked an original image. Thanks Oliver, I knew you’d have the answer.
