Link to home
Start Free TrialLog in
Avatar of Dimarc67
Dimarc67Flag for United States of America

asked on

Can the SSH Host Key Fingerprint be changed?

We are using IBM Director 5.20.3 for managing our Windows physical and virtual systems.  When manually adding (by IP address) Macintoshes running 10.4.11, the system happily recognizes them, accepts the Mac's local administrative username and password for access, and fully supports SSH console connections to each Mac.

However, we have two Macs that are seen by IBM Director as a single system with two IP addresses.  Adding one of the two Macs adds it to the list of managed systems normally.  Then adding the second of the two Macs, will simply relock the listing of the first, and, once unlocked again, shows both IP address for the one system.  The two models in play are totally different--one's a Mac Pro G5, the other a Mac Mini.  We have other G5's in the system without issue, but we only have the one Mini.

The Macs were purchased long before my arrival to this organization, so I do not know how they were deployed.  It's easy to guess that they were probably imaged, possibly from the same image.  Given IBM Director's confusion, there's obviously something indentifying on both systems that makes IBM Director think they're the same system.

My first guess is perhaps the SSH Host Key Fingerprint which IBM Director displays in the system information for the "combined" Macs.  All of the other five Macs we've added to IBM Director show unique keys, so if the two Macs in question have the same key, could that be the issue?

If it is the SSH Host Key Fingerprint, or just to rule it out, can someone provide the command lines to change the sshe host key fingerprint?  (My expertise is totally Windows, and OS X GUI.)

Dimarc67
New York, NY
Avatar of cmaohio
cmaohio
Flag of United States of America image

The fingerprint would be changed using the SSHD commands in the terminal. Since the Mac is built on linux, you should be able to create new keys with that. This should help I think: http://pkeck.myweb.uga.edu/ssh/
Avatar of Dimarc67

ASKER

Thanks, but I've already tried this procedure.  I generated both rsa and dsa keys on one of the two Macs, logged in as root, but the current key remains unchanged.  

Does the system need to be rebooted for the new key to be used?  Is there a service that I can restart via terminal that may cause the new key to be recognized?  It'd be a big help to avoid rebooting the system.
the service, i think needs to be restarted. The command should be:

sudo killall sshd; sudo sshd
Big tip for anyone reading this:
Don't try to kill the sshd service through an ssh session.  :-)

After I was disconnected, I was able to ask the user to reboot the system, but it doesn't seem to have had any effect.  After removing and re-adding the system in IBM Director, the reported SSH Host Key Fingerprint remains unchanged.  

It lists the key as "ssh-rsa 1024 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx" (x's are digits).  I previously successfully generated an rsa key, apparently ineffectually.  Is there anything more that should be done to allow the system to forget the old key, or recognize the new one?
ASKER CERTIFIED SOLUTION
Avatar of James Looney
James Looney
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial