
In the world of secure communication, SSH (Secure Shell) is widely used for remote access to servers. SSH relies on cryptographic keys to authenticate and encrypt communication between the client and server. It is advisable to regenerate these SSH server keys over time, so that a single host key is not relied on indefinitely. In this article, we will explore how to regenerate the SSH server keys on both Linux and Windows operating systems.

Regenerating SSH Server Keys on Linux

On Linux, the OpenSSH server (sshd) is commonly used. To regenerate the SSH server keys, follow these steps:

  1. Stop the SSH server: Before regenerating the keys, it is essential to stop the SSH server to avoid any conflicts. Open a terminal and run the following command:

sudo service sshd stop

or

sudo systemctl stop sshd

  2. Remove the existing SSH server keys: Once the SSH server is stopped, navigate to the directory where the SSH server keys are stored. The default location is `/etc/ssh/`. Identify and remove the following files:
  • ssh_host_rsa_key
  • ssh_host_rsa_key.pub
  • ssh_host_dsa_key
  • ssh_host_dsa_key.pub
  • ssh_host_ecdsa_key
  • ssh_host_ecdsa_key.pub
  • ssh_host_ed25519_key
  • ssh_host_ed25519_key.pub

You can use the rm command to delete these files, for example:

sudo rm /etc/ssh/ssh_host_rsa_key

Ensure that you remove all the corresponding public key files as well.

  3. Generate new SSH server keys: Once the old keys are removed, generate new SSH server keys by running the following command:

sudo ssh-keygen -A

This command regenerates all the necessary SSH server keys.

  4. Start the SSH server: After regenerating the keys, start the SSH server again using the following command:

sudo service sshd start

or

sudo systemctl start sshd

Your SSH server is now using newly generated keys.
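The Linux procedure above, put into one POSIX shell script as an added example (this is not code from the original article). It adds two checks a practitioner wants around a host key rotation: the old keys are moved into a root-only backup directory instead of being deleted, so the change can be reverted if sshd fails to start, and the host key fingerprints are printed before and after, because every client that has the old key in its known_hosts file will see a "host key has changed" warning until it learns the new one. It assumes the default OpenSSH layout (`/etc/ssh`, files named `ssh_host_<type>_key` and `.pub`), a systemd service named `sshd`, and `ssh-keygen -A` as used in the article; the helper functions take the directory as a parameter so they can be tried on a scratch directory first.

```shell
#!/bin/sh
# Added example, not from the original article: rotate OpenSSH host keys,
# keeping the old ones in a backup directory and printing fingerprints
# before and after so the new ones can be published to clients.
# Assumptions: default OpenSSH layout under /etc/ssh, systemd's `systemctl`,
# and `ssh-keygen -A` (which always writes into /etc/ssh).
set -eu

# Print the path of every private host key found in a directory, one per line.
list_host_keys() {
    for key in "$1"/ssh_host_*_key; do
        [ -e "$key" ] && printf '%s\n' "$key"
    done
    return 0
}

# Print the fingerprint of each host key via `ssh-keygen -lf` on the public
# half. This is the value clients compare against their known_hosts entry.
host_key_fingerprints() {
    list_host_keys "$1" | while read -r key; do
        ssh-keygen -lf "$key.pub"
    done
}

# Move (rather than rm) every host key pair into a backup directory that only
# root can read, so the rotation can be reverted if sshd does not come back.
# Prints the number of files moved.
backup_host_keys() {
    dir="$1"
    backup="$2"
    moved=0
    mkdir -p "$backup"
    chmod 700 "$backup"
    for f in "$dir"/ssh_host_*_key "$dir"/ssh_host_*_key.pub; do
        [ -e "$f" ] || continue
        mv "$f" "$backup/"
        moved=$((moved + 1))
    done
    echo "$moved"
}

# The full procedure from the article: stop sshd, move the old keys aside,
# generate a fresh set, start sshd again.
rotate_host_keys() {
    dir=/etc/ssh
    backup="$dir/backup-$(date +%Y%m%d-%H%M%S)"
    echo "Old fingerprints:"
    host_key_fingerprints "$dir"
    systemctl stop sshd
    echo "Moved $(backup_host_keys "$dir" "$backup") files to $backup"
    ssh-keygen -A
    systemctl start sshd
    echo "New fingerprints:"
    host_key_fingerprints "$dir"
}

# Only act when explicitly asked, e.g.:  sudo sh rotate-host-keys.sh rotate
if [ "${1:-}" = "rotate" ]; then
    rotate_host_keys
fi
```

Run it as root with the `rotate` argument; without an argument it only defines the functions, so `list_host_keys /etc/ssh` and `host_key_fingerprints /etc/ssh` can be sourced and used on their own to inventory the current keys. Publish the "New fingerprints" output through a channel clients already trust, otherwise users have no way to tell the expected key change from a man-in-the-middle.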

Regenerating SSH Server Keys on Windows

On Windows, OpenSSH is available as a feature starting from Windows 10 version 1809 (October 2018 Update) and Windows Server 2019. To regenerate the SSH server keys, follow these steps:

  1. Stop the SSH server: Open an elevated PowerShell or Command Prompt window and execute the following command to stop the SSH server service:

Stop-Service sshd

  2. Remove the existing SSH server keys: Navigate to the directory where the SSH server keys are stored. By default, it is `C:\ProgramData\ssh`. Delete the following files:
  • ssh_host_rsa_key
  • ssh_host_rsa_key.pub
  • ssh_host_dsa_key
  • ssh_host_dsa_key.pub
  • ssh_host_ecdsa_key
  • ssh_host_ecdsa_key.pub
  • ssh_host_ed25519_key
  • ssh_host_ed25519_key.pub

You can use the del command to delete these files, for example:

del C:\ProgramData\ssh\ssh_host_rsa_key

Make sure to remove the corresponding public key files as well.

  3. Generate new SSH server keys: After deleting the old keys, generate new SSH server keys by running the following command:

ssh-keygen -A

This command regenerates all the necessary SSH server keys.