How to regenerate new ssh server keys

This is an unusual topic, since most distributions create these keys for you during the installation of the OpenSSH server package, on sites ranging from small blogs to huge ecommerce websites. But it may be useful to be able to generate new server keys from time to time; this happens to me when I duplicate a Virtual Private Server which contains an installed ssh package.

OpenSSH requires different keys depending on whether you use the SSH1 and/or SSH2 protocol. All keys are generated by ssh-keygen, which should be available on your system with the ssh package. The recipe is almost the same as for generating your own keys, except that you should use an empty passphrase. The default key lengths are also appropriate (2048 bits for rsa and 1024 bits for dsa).

SSH1 protocol

For the SSH1 protocol, you need an rsa1 key, generated as follows:

ssh-keygen -q -f /etc/ssh/ssh_host_key -N '' -t rsa1

SSH2 protocol

For the SSH2 protocol, you need two keys, one rsa key and one dsa key, generated as follows:

ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa
ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa

Live Websites

Disabling password authentication is critical for any live server that's open to the internet at large. Just go to this example URL https://comprogear.com/super-plus-size-compression-stockings and ping the server. Any simple bot script could attempt to brute-force port 22 to access the website with ease.
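To check whether a duplicated server still carries the host keys of the machine it was copied from, the following added example (not part of the original article) computes the SHA256 fingerprint that ssh-keygen -l prints, from the contents of each host's ssh_host_*_key.pub file, and reports every fingerprint found on more than one host. The host names and key material are constructed sample data, and the function names are chosen for this example.

```python
import base64
import hashlib
import struct
from collections import defaultdict

def ssh_string(data: bytes) -> bytes:
    """Encode one SSH wire-format string: 4-byte big-endian length + data."""
    return struct.pack(">I", len(data)) + data

def fingerprint(pub_line: str) -> str:
    """SHA256 fingerprint of one line from a ssh_host_*_key.pub file."""
    key_type, b64_blob = pub_line.split()[:2]
    blob = base64.b64decode(b64_blob, validate=True)
    # The blob begins with its own key type; a mismatch means a damaged file.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii") != key_type:
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def shared_host_keys(hosts: dict) -> dict:
    """Map fingerprint -> sorted host names, for keys seen on 2+ hosts."""
    seen = defaultdict(set)
    for host, pub_lines in hosts.items():
        for line in pub_lines:
            if line.strip() and not line.startswith("#"):
                seen[fingerprint(line)].add(host)
    return {fp: sorted(h) for fp, h in seen.items() if len(h) > 1}

def constructed_pub(key_type: str, filler: bytes, comment: str) -> str:
    """Build a fake public-key line for the demo (not a usable key)."""
    blob = ssh_string(key_type.encode()) + ssh_string(filler)
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"

# Constructed sample data: vps-clone was copied from vps-original and
# still has its RSA host key; vps-rekeyed had its keys regenerated.
ORIGINAL_RSA = constructed_pub("ssh-rsa", b"\x01" * 32, "root@vps-original")
SAMPLE_HOSTS = {
    "vps-original": [ORIGINAL_RSA],
    "vps-clone": [ORIGINAL_RSA],
    "vps-rekeyed": [constructed_pub("ssh-rsa", b"\x02" * 32, "root@vps-rekeyed")],
}

if __name__ == "__main__":
    for fp, names in shared_host_keys(SAMPLE_HOSTS).items():
        print(f"{fp} shared by: {', '.join(names)}")
```

Any host listed in the output needs the ssh-keygen commands above run on it, after which clients that connected before will see a changed host key.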
