Well, technically this is for any Linux VM appliance you download, not just my reverse proxy....

Anyway, every Linux host should have its own unique SSH host key to ensure the security and authenticity of the server you are connecting to. When you create a server from an OVF that doesn't happen automatically. In fact you get the SSH host key that was on the OVA at time of creation (in this case mine), potentially opening you up to man-in-the-middle attacks (potentially, although unlikely).

Here's how to do it. Log in to the Proxy server as root (either via the VMware console or by SSH into the host using Putty) and issue the following commands:

rm -rf /etc/ssh/ssh_host_*
ssh-keygen -A

service ssh restart



Here's the expected output from the above commands....

[Image: output of the above commands]

Once you do this, try logging in again via SSH (again, I use Putty) and you should see a warning about a potential security breach, saying that this could be a bad thing (see below). It's not, as we meant to create a new key, so click Yes.

[Image: Putty security warning about the changed host key]
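
As an added example (not part of the original post), the script below performs the same rotation, checks that no fingerprint from the downloaded image survives, and prints the new fingerprints so you can compare them with the one shown in the Putty warning before clicking Yes. It generates each key type explicitly instead of calling `ssh-keygen -A` so that it can be pointed at a scratch directory; the function names, the `rotate.sh` file name and the `--run` switch are made up for this example.

```shell
#!/bin/sh
# Added example, not the post author's code. Function names are hypothetical.

# Print one fingerprint per public host key found in directory $1, sorted.
host_key_fingerprints() {
    for pub in "$1"/ssh_host_*_key.pub; do
        [ -f "$pub" ] || continue          # glob matched nothing
        ssh-keygen -l -f "$pub" | awk '{print $2}'
    done | sort
}

# Replace every host key in directory $1.
# Prints the new fingerprints; returns 1 if any old fingerprint is still present.
rotate_host_keys() {
    keydir=$1
    old=$(host_key_fingerprints "$keydir")   # keys shipped with the image
    rm -f "$keydir"/ssh_host_*
    # Explicit key types stand in for "ssh-keygen -A" (assumption: all three
    # types are supported by the installed OpenSSH).
    for t in rsa ecdsa ed25519; do
        ssh-keygen -q -t "$t" -N '' -f "$keydir/ssh_host_${t}_key" || return 1
    done
    new=$(host_key_fingerprints "$keydir")
    [ -n "$new" ] || return 1
    for fp in $old; do
        if printf '%s\n' "$new" | grep -qxF -- "$fp"; then
            echo "host key not replaced: $fp" >&2
            return 1
        fi
    done
    printf '%s\n' "$new"
}

# Touch /etc/ssh only when asked to: sh rotate.sh --run
# Then restart the SSH service as in the post.
if [ "${1:-}" = "--run" ]; then
    rotate_host_keys /etc/ssh
fi
```

Note the printed fingerprints on the console session; the fingerprint in the Putty warning on the next login should match one of them.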
Darren Duke   |   January 14 2015 06:55:31 AM   |    proxy  linux  security    |  