3

I accidentally exposed the keys in /etc/ssh

What is the risk?

I think it will allow someone to impersonate the server and conduct MITM.

Will it let someone SSH into the server? I think not, because they're not the private keys of the users.

1 Answer

4

You are correct in your assumptions. The keys in /etc/ssh are the keys used to identify the server to the clients, so they can't be used to connect. They can, however, as you also correctly state, be used by someone to identify as your server.

You can generate new keys for the server and notify any users that there is a new key and they should trust it. Users typically store your server's public key in their ~/.ssh/known_hosts file, so this needs to be updated. This can be more or less of a hassle depending on how many users you have.

1
  • 2
    It might be good to know that when these keys are regenerated, clients will receive an error message and can no longer connect to the server until they remove the current public key entry from the ~/.ssh/known_hosts file.
    – Jeroen
    Commented Jul 13, 2019 at 8:03
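
An added example, not part of the original answer or comment: after the host keys are regenerated, this script finds the `known_hosts` entries for a host that still pin an exposed key, including hashed host entries. The host name `server.example`, the address `192.0.2.10` and the key blobs are constructed sample values, not real keys.

```python
import base64, hashlib, hmac, struct

def fingerprint(blob_b64):
    """SHA256 fingerprint of a key blob, in the form `ssh-keygen -l` prints."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(field, host):
    """Exact match against a plain or hashed (|1|salt|hash) host field."""
    if field.startswith("|1|"):
        _, _, salt, digest = field.split("|")
        mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(digest))
    return host in field.split(",")  # wildcard/negated patterns are not handled

def stale_entries(known_hosts_text, host, exposed_blobs):
    """Return [(line_no, fingerprint)] for entries of `host` pinning an exposed key."""
    exposed = {fingerprint(b) for b in exposed_blobs}
    hits = []
    for n, line in enumerate(known_hosts_text.splitlines(), 1):
        parts = line.split()
        # Skip blanks, comments and @cert-authority/@revoked marker lines.
        if len(parts) < 3 or parts[0][0] in "#@":
            continue
        if host_matches(parts[0], host) and fingerprint(parts[2]) in exposed:
            hits.append((n, fingerprint(parts[2])))
    return hits

def make_blob(seed):
    """Constructed ed25519-shaped key blob for the sample below (not a real key)."""
    s = lambda b: struct.pack(">I", len(b)) + b
    return base64.b64encode(s(b"ssh-ed25519") + s(bytes([seed]) * 32)).decode()

OLD_KEY, NEW_KEY = make_blob(1), make_blob(2)   # exposed key, regenerated key
SALT = b"constructed-salt"
HASHED = "|1|{}|{}".format(
    base64.b64encode(SALT).decode(),
    base64.b64encode(hmac.new(SALT, b"server.example", hashlib.sha1).digest()).decode())
SAMPLE = "\n".join([                             # constructed known_hosts content
    "# constructed known_hosts content",
    f"server.example,192.0.2.10 ssh-ed25519 {OLD_KEY}",
    f"{HASHED} ssh-ed25519 {OLD_KEY}",
    f"server.example ssh-ed25519 {NEW_KEY}",
    f"other.example ssh-ed25519 {OLD_KEY}",
])

if __name__ == "__main__":
    for line_no, fp in stale_entries(SAMPLE, "server.example", [OLD_KEY]):
        print(f"line {line_no} still trusts exposed key {fp}")
```

On a client, `ssh-keygen -R server.example` removes the entries this reports, after which the new key can be accepted once its fingerprint has been checked out of band.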
