5.2 Create a New Host Key

In most cases, you do not need to make any changes to the default server host key. The server installation package checks to see if an existing host key pair is already present. If no host key is found, the package creates a new host key pair and the server uses this pair for host authentication. If a host key already exists in /etc/ssh2, Reflection for Secure IT uses this key. If an OpenSSH host key is found in /etc/ssh, Reflection for Secure IT migrates the key to the correct format and location and uses the migrated key.

To create and use a new host key

  1. Log in as root.

  2. Terminate any instances of sshd using the server script. (For additional information, see Start and Stop the Server.)

  3. Use ssh-keygen to generate a new host key. For example:

    ssh-keygen -P /etc/ssh2/hostkey2

    NOTE: The -P option creates a key with no passphrase protection, which is required for host keys.

  4. (Optional) If you use a new host key name and/or location, edit the server configuration file (/etc/ssh2/sshd2_config). Use the HostKeyFile keyword to specify the new name and location:

    HostKeyFile=/etc/ssh2/hostkey2

    This step is not required if you continue to use the default host key name (/etc/ssh2/hostkey).

  5. Restart the service.
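
Because the host key has no passphrase, file ownership and permissions are its only protection. The following check, run before step 5, is an added example and not part of the product documentation. The function names, the owner-only permission rule, and the config-syntax handling ('#' comments, '=' or whitespace after the keyword, last entry wins) are assumptions.

```shell
#!/bin/sh
# Added example: confirm the host key selected by the server configuration
# exists and is readable only by its owner before restarting the service.

DEFAULT_HOSTKEY=/etc/ssh2/hostkey   # default key name given in this section

# Print the key path selected by HostKeyFile, or the default if it is unset.
# Assumption: commented-out lines are ignored and the last entry wins.
hostkey_path() {
    path=$(sed -n 's/^[[:space:]]*HostKeyFile[[:space:]]*[=[:space:]][[:space:]]*\([^[:space:]#]*\).*/\1/p' "$1" | tail -n 1)
    printf '%s\n' "${path:-$DEFAULT_HOSTKEY}"
}

# Return 0 if the key file looks safe to use; otherwise print why and return 1.
# $2 is the expected numeric owner (root, uid 0, unless overridden for testing).
check_hostkey() {
    key=$1
    want_uid=${2:-0}
    [ -f "$key" ] || { echo "missing: $key"; return 1; }
    [ -s "$key" ] || { echo "empty: $key"; return 1; }
    mode=$(ls -ldnL "$key" | awk '{print $1}')   # e.g. -rw-------
    uid=$(ls -ldnL "$key" | awk '{print $3}')    # numeric owner
    [ "$uid" = "$want_uid" ] || { echo "owner uid $uid, expected $want_uid: $key"; return 1; }
    case $mode in
        ????------*) ;;                          # no group or other access
        *) echo "group/other access ($mode): $key"; return 1 ;;
    esac
    echo "ok: $key"
}

# Check whichever key the given configuration file selects.
# Example: check_config /etc/ssh2/sshd2_config
check_config() {
    check_hostkey "$(hostkey_path "$1")" "${2:-0}"
}
```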