Migrate Host Keys
Note: This page applies to SFTP Gateway version 2.x. Visit here for documentation on version 3.x.
When migrating between VMs, you need to sync the server host keys. Existing SFTP users will have these cached on their local machines, and will get an error if the server host keys are different.
When connecting via SFTP to an OpenSSH server, the SFTP client is presented with the server's host keys. This is how the server proves its identity.
The first time you connect, you are prompted to type yes to cache the server host keys. On subsequent connections, you are not prompted because the server host keys match the entry stored in your cache:
If the server host keys change, they will no longer match your cached entries. The SFTP client then encounters an error.
During a migration, you need to remember to sync your server host keys.
Every time a new VM spins up, it dynamically generates its own set of server host keys. These are located here:
There is a key pair for each supported algorithm (e.g.
You will need to copy each file from the old server to the new.
On the old server, copy the files to the ec2-user's home directory.
sudo su
mkdir /home/ec2-user/server_host_keys/
cd /etc/ssh/
cp -a ssh_host_* /home/ec2-user/server_host_keys/
cd /home/ec2-user/
tar czvpf server_host_keys.tar.gz server_host_keys
From your computer, you can SCP these files down:
scp -i private.key ec2-user@ip-address-old-server:/home/ec2-user/server_host_keys.tar.gz .
From your computer, you can SCP these files up to the new server:
scp -i private.key server_host_keys.tar.gz ec2-user@ip-address-new-server:/home/ec2-user/
On the new server, move the new host keys aside:
sudo su
cd /etc/ssh
mkdir original-host-keys/
mv ssh_host_* original-host-keys/
And then extract the host keys from the old server:
cd /home/ec2-user/
tar xzvpf server_host_keys.tar.gz
cd server_host_keys/
mv ssh_host_* /etc/ssh/
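A post-migration check, added here as an example (it is not part of the SFTP Gateway documentation): it unpacks a fresh copy of server_host_keys.tar.gz, compares every ssh_host_* file with what is installed in /etc/ssh, and flags private keys that other users can access. The function name verify_host_keys is hypothetical; the archive name and directory layout come from the commands above.

```shell
#!/bin/sh
# Added example (not from the SFTP Gateway docs). Archive layout and paths
# follow the page's commands; the function name is hypothetical.
#
# verify_host_keys TARBALL SSH_DIR
# Prints one line per problem; returns 0 only when every key matches.
verify_host_keys() {
    tarball=$1
    ssh_dir=$2
    problems=0
    tmp=$(mktemp -d) || return 2
    # Unpack a fresh copy: the last migration step moved the extracted files.
    if ! tar xzpf "$tarball" -C "$tmp"; then
        rm -rf "$tmp"
        return 2
    fi
    for src in "$tmp"/server_host_keys/ssh_host_*; do
        if [ ! -e "$src" ]; then
            echo "EMPTY     no ssh_host_* files in $tarball"
            problems=$((problems + 1))
            break
        fi
        name=$(basename "$src")
        dst="$ssh_dir/$name"
        if [ ! -f "$dst" ]; then
            echo "MISSING   $name"
            problems=$((problems + 1))
            continue
        fi
        # Any byte difference means the installed file is not the old server's.
        if ! cmp -s "$src" "$dst"; then
            echo "DIFFERENT $name"
            problems=$((problems + 1))
        fi
        case $name in
            *.pub) ;;   # public halves may be world-readable
            *)  # Private key: the "other" permission bits must all be clear.
                # Group bits are not checked (assumption: some distributions
                # give a dedicated group read access).
                case $(ls -ld "$dst") in
                    ???????---*) ;;
                    *) echo "TOO OPEN  $name"; problems=$((problems + 1)) ;;
                esac ;;
        esac
    done
    rm -rf "$tmp"
    echo "$problems problem(s)"
    [ "$problems" -eq 0 ]
}
```

Run it as root on the new server, for example `verify_host_keys /home/ec2-user/server_host_keys.tar.gz /etc/ssh`. sshd reads its host keys at startup, so restart it after the swap; the tarball and extracted copies hold the private host keys and should be deleted from both servers and your computer once the check passes.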