Linux: Regenerate SSH host keys

Fedora and CentOS automatically regenerate SSH host keys on bootup if the key files are missing. This makes it easy to trigger regeneration as you simply remove the keys, and reboot the server. Other distributions are not quite as forgiving and require manual intervention. These are the steps I've used on Debian to get updated host keys.

rm /etc/ssh/ssh_host_*
ssh-keygen -f /etc/ssh/ssh_host_rsa_key     -N '' -q -t rsa
ssh-keygen -f /etc/ssh/ssh_host_ecdsa_key   -N '' -q -t ecdsa
ssh-keygen -f /etc/ssh/ssh_host_ed25519_key -N '' -q -t ed25519

ls /etc/ssh/*key* -lsh

systemctl restart sshd
Leave A Reply - 2 Replies
Chris 2022-05-28 03:09am - vikas@... - Logged IP: 2405:201:601f:58a8:f141:3c84:3096:c18a

I had an issue with 4 node DAG set up where multi role installed. ECP and OWA crashed keep crashing after CU13 updated. I did startdagmaintenacemode.ps1 to put the server DAGs in maintenace mode and please visit us:

FeRD (Frank Dana) 2023-10-18 12:40am - ferdnyc@... - Logged IP:

Even easier is probably this:

rm /etc/ssh/ssh_host_*
apt reinstall openssh-server

The .deb package will also generate new valid keys on install, IF the empty keyfiles aren't there.

All content licensed under the Creative Commons License