dropbear and new host keys?
Joakim Tjernlund
Joakim.Tjernlund at infinera.com
Thu Dec 12 20:01:31 AWST 2019
On Wed, 2019-12-11 at 18:00 +0100, Joakim Tjernlund wrote:
> On Wed, 2019-12-11 at 23:53 +0800, Matt Johnston wrote:
> > Hi Joakim,
> >
> > The server needs to be stopped and restarted. If this is for new keys at
> > first-boot you could look at the -R option.
>
> It's not first boot :(
> This is when a user wants to replace the current keys for some reason. Ideally the
> next new session should read the new keys automatically.
>
> In our case we cannot just restart dropbear and rebooting just for new keys is not an option either.
> Could dropbear gain automatic reread of keys?
>
W.r.t. the -R option, will it detect a bad key and regenerate a new one?
One problem we have with using -R is that we need to convert dropbear keys to openssh
format as well and I cannot see a way to automatically trigger dropbearconvert etc.
If we do use -R, is there a way?
Jocke