Score:1

How to retrieve or recreate a deleted file from the /etc/ssh directory

kz flag

The /etc/ssh directory has the following content:

```
moduli      sshd_config           ssh_host_ecdsa_key      ssh_host_ed25519_key      ssh_host_rsa_key      ssh_import_id
ssh_config  sshd_config.ucf-dist  ssh_host_ecdsa_key.pub  ssh_host_ed25519_key.pub  ssh_host_rsa_key.pub
```

I can see practically two categories:

  1. public/private keys
  2. configuration files

If any of the files in either of these categories is deleted by mistake, how can that file be re-generated? Is it possible? If so, how, for each category (1 or 2)?

in flag
If you are concerned that these files can be deleted "by mistake", I would strongly advise one of two things: (1) have *really* good backups with an automated process that runs regularly (2) perform whatever destructive operations you plan on using within a virtual machine *first*, then run them on your system after confirming that mistakes did not happen. I've been using Linux since the mid-90s and cannot think of a single time when I deleted anything in `/etc/ssh` "by mistake" ... aside from those times I destroyed partitions with a poorly written `dd` command ...
user535733 avatar
cn flag
The old key cannot be re-constructed (that would defeat the entire purpose of key-based authentication). You must create a new key. "*deleted by mistake*" is why you have backups.
Manuel Jordan avatar
kz flag
I know that `/etc/ssh` asks for the root/admin password - but I am curious whether there is a way to recreate those files (mostly the keys) - according to `You must create a new key` it is possible - those files are very different from the `.ssh` directory - so I am assuming other commands come into play
in flag
Keys must be unique if they are to be of any use. If a person could re-create them, then encryption would be a myth.
Manuel Jordan avatar
kz flag
Understood - but is it possible to generate new ones with new values? - in this case the clients must update their `known_hosts` files according to the new values (for a new connection - like the first time, when they receive the host's fingerprint) - Am I correct?
user535733 avatar
cn flag
You can generate as many new keys as you like. Generating new keys is trivial. Be clear when you say "client": The ssh client has the un-reproducible private key. The ssh server has only the public key. The ssh client must transmit the new public key (corresponding to the new private key) to the ssh server. This usually requires admin assistance, since the ssh client cannot login until the new public key is installed in the ssh server. That's not a trivial operation...unless you also happen to be an admin of the ssh server.
Manuel Jordan avatar
kz flag
Yes about the _client_ (`.ssh`), where I can generate the key pair at any time and send/put the value of the public key into the `.ssh/authorized_keys` file on the server - but here the post is about the server, where in the `/etc/ssh` directory there are some key values that are sent to the clients for their first ssh connection - one about the fingerprint (ECDSA) and the other a copy of the public key of the server to the `.ssh/known_hosts` on the client
user535733 avatar
cn flag
Are you trying to prevent the fingerprint warning on an ssh client?
muru avatar
us flag
Does this answer your question? [How can I restore configuration files?](https://askubuntu.com/questions/66533/how-can-i-restore-configuration-files) and https://askubuntu.com/questions/600584/error-could-not-load-host-key-when-trying-to-recreate-ssh-host-keys
Score:3
cn flag

In Ubuntu the OpenSSH client/server configuration files are:

  • /etc/ssh/sshd_config - the configuration file of the SSH server (daemon). Additional configuration files could be added in the directory /etc/ssh/sshd_config.d/ and their file extensions must be .conf (these are invoked in the beginning of /etc/ssh/sshd_config).

  • /etc/ssh/ssh_config - system wide configuration file for the SSH client, the settings in this file are applied to all users. Additional configuration files could be added in the directory /etc/ssh/ssh_config.d/ and their file extensions must be .conf (these are invoked in the beginning of /etc/ssh/ssh_config).

  • ~/.ssh/config - a personal configuration file for the SSH client. This file is located in the user's home directory within a special directory named .ssh. The directory itself must have private permissions (700), and the files inside also must be private (600).

The public/private keys are the possession of a user, thus they are private :) By default they are located in the user's directory ~/.ssh.

Sections 1 and 2 of this answer of mine describe how to set up key-based SSH authentication: https://askubuntu.com/a/986245/566421

Here is an example of a case in which the SSH keys are not located in the user's home directory: https://askubuntu.com/a/882379/566421

If you want to recreate the directory /etc/ssh you could purge the OpenSSH client and server then reinstall them (but you may not need this):

```
sudo apt update
sudo apt purge openssh-client openssh-server
sudo rm -R /etc/ssh
sudo apt install openssh-client openssh-server
```
Manuel Jordan avatar
kz flag
Practically the last one seems to be the most practical - but of course all the clients must be updated with the new keys of the server - this for the scenario of a small LAN
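
A narrower repair than purging the packages, as an added example that is not part of the original thread: it checks each host key pair from the listing in the question and regenerates only what is missing. The function names `host_key_status` and `repair_host_keys` are hypothetical; the `ssh-keygen` options used (`-y`, `-t`, `-N`, `-f`, `-q`) are standard OpenSSH.

```shell
#!/bin/sh
# Added example (not from the thread). Key types are the ones shown in the
# question's /etc/ssh listing.
KEY_TYPES="rsa ecdsa ed25519"

# Print one line per key type: "<type> ok|pub-missing|private-missing".
host_key_status() {
    dir=$1
    for t in $KEY_TYPES; do
        priv="$dir/ssh_host_${t}_key"
        if [ ! -f "$priv" ]; then
            echo "$t private-missing"
        elif [ ! -f "$priv.pub" ]; then
            echo "$t pub-missing"
        else
            echo "$t ok"
        fi
    done
}

# Repair a host key directory in place (run as root for /etc/ssh).
repair_host_keys() {
    dir=$1
    host_key_status "$dir" | while read -r t state; do
        priv="$dir/ssh_host_${t}_key"
        case $state in
            pub-missing)
                # The public half is derived from the private key, so the
                # host fingerprint stays the same and clients see no change.
                ssh-keygen -y -f "$priv" > "$priv.pub" ;;
            private-missing)
                # The old private key cannot be recovered: create a new pair.
                # Clients holding the old key in known_hosts will get a
                # "host key changed" warning until that entry is replaced.
                rm -f "$priv.pub"
                ssh-keygen -q -t "$t" -N "" -f "$priv" ;;
        esac
    done
}

# Only act when a directory is passed, e.g.: sudo sh repair.sh /etc/ssh
if [ $# -gt 0 ]; then
    repair_host_keys "$1"
    host_key_status "$1"
fi
```

After a `private-missing` repair, restart the SSH service and publish the new fingerprints (`ssh-keygen -lf <keyfile>.pub`) so users can verify them; on each client, `ssh-keygen -R <hostname>` removes the stale `known_hosts` entry.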