≡ Menu

Ubuntu / Debian Linux Regenerate OpenSSH Host Keys

How do I regenerate OpenSSH sshd server host keys stored in /etc/ssh/ssh_host_* files? Can I safely regenerate ssh host keys using remote ssh session as my existing ssh connections shouldn't be interrupted on Debian or Ubuntu Linux?

Tutorial details
DifficultyIntermediate (rss)
Root privilegesYes
Estimated completion time2m
To regenerate keys you need to delete old files and reconfigure openssh-server. It is also safe to run following commands over remote ssh based session. Your existing session shouldn't be interrupted.

Step # 1: Delete old ssh host keys

Login as the root and type the following command to delete files on your SSHD server:
# /bin/rm -v /etc/ssh/ssh_host_*

Step # 2: Reconfigure OpenSSH Server

Now create a new set of keys on your SSHD server, enter:
# dpkg-reconfigure openssh-server
Sample output:

Creating SSH2 RSA key; this may take some time ...
Creating SSH2 DSA key; this may take some time ...
Restarting OpenBSD Secure Shell server: sshd.

Step # 3: Update all ssh client(s) known_hosts files

Finally, you need to update ~/.ssh/known_hosts files on client computers, otherwise everyone will see an error message that read as follows:

Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
Please contact your system administrator.
Add correct host key in /home/vivek/.ssh/known_hosts to get rid of this message.
Offending key in /home/vivek/.ssh/known_hosts:12
RSA host key for 202.54.xx.abc has changed and you have requested strict checking.
Host key verification failed.

Either remove host fingerprint or update the file using vi text editor:
$ ssh-keygen -R remote-server-name-here

Tweet itFacebook itGoogle+ itPDF itFound an error/typo on this page?

{ 7 comments… add one }

  • gkforcare October 14, 2008, 10:04 am

    Just what I needed! Thanks.

  • Dave February 14, 2009, 9:57 pm

    Very helpful. Excellent article. Thanks.

  • RobM March 2, 2009, 12:04 pm

    Just what I was looking for, thanks!

  • qas September 20, 2009, 1:01 pm

    Very helpful thanks a lot!

  • Oliver B November 19, 2011, 4:17 am

    Great post, thanks a lot!!!!!!

  • Very helpful September 4, 2012, 10:08 pm

    thx very helpful post

  • Victor Porton April 10, 2014, 9:29 pm

    At first I tried to update ~/.ssh/known_hosts on the server and this not worked.

    Only later I realized that ~/.ssh/known_hosts is on my local Linux PC.

    Please edit your post to make clear which files are on the server and which on the Linux PC.

Leave a Comment