Create a New Host Key

In most cases, you do not need to make any changes to the default server host key. The server installation package checks to see if an existing host key pair is already present. If no host key is found, the package creates a new host key pair and the server uses this pair for host authentication. If a host key already exists in /opt/microfocus/rsit/etc, Reflection for Secure IT UNIX Client and Server uses this key. If an OpenSSH host key is found in /etc/ssh, Reflection for Secure IT UNIX Client and Server migrates the key to the correct format and location and uses the migrated key.

To create and use a new host key

1. Log in as root.

2. Terminate any instances of sshd using the server script. (For additional information, see Start and Stop the Server.)

3. Use ssh-keygen to generate a new host key. For example:

   ssh-keygen -P /opt/microfocus/rsit/etc/hostkey2
   

   Note

   The -P option creates a key with no passphrase protection, which is required for host keys.

4. (Optional) If you use a new host key name and/or location, edit the server configuration file (/opt/microfocus/rsit/etc/sshd2_config). Use the HostKeyFile keyword to specify the new name and location:

   HostKeyFile=/opt/microfocus/rsit/etc/hostkey2
   

   This listitem is not required if you continue to use the default host key name (/opt/microfocus/rsit/etc/hostkey).

5. Restart the service.

---

More information

• Public Key Authentication Overview