On Tue, 08 Mar 2005 20:38:44 -0600, John Reese <jwreese0 at comcast.net> wrote:
> My company will replace a server running RH 7.2 with a box running RH 9.
> Hundreds of clients connect to the old box using SSH v. 1. The new box
> will have the same name and the same IP address, and will host SSH v. 1
> sessions with the same clients. We have done as much as we can to make
> it look like the old server, but if we allow it to run SSHd on its
> locally-generated private keys the clients will not connect, claiming it
> is a man-in-the-middle attack.


Out of curiosity, why continue to use SSH1?  It has a well-known exploit.

Continuing on in the security mindset, why re-use the key pair if you
don't have access to all of the systems?  Especially when you don't
control or have access to them.  To me, by forcing a key pair change,
you are securing the system further.  You are able to review the
systems that connect, and determine which ones need access and which
ones don't.  Yes, it's more overhead, but it's a clean-up process
rather than "carrying forward" crap that may not need to be there.

-- 
-Shawn

-Nemo me impune lacessit.  Ne Obliviscaris..
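[Added example for the whole exchange above; this is not code from either poster. It shows, as plain file operations, the two routes the thread contrasts: carrying the old box's host key files onto the new box so clients see the same identity (John's approach), or letting the new box keep its own keys, making each client forget the stale known_hosts entry, and dropping SSH1 from sshd_config (Shawn's approach). Assumptions: OpenSSH's default file names and known_hosts layout; the host names, IPs and key blobs in the demo are constructed placeholders, not real keys; the awk replacement for `ssh-keygen -R` only handles unhashed known_hosts lines.]

```shell
#!/bin/sh
# Added example (not from the thread). Three file-level chores involved in replacing
# an SSH server that keeps the old name and IP. Assumes OpenSSH default file names;
# all hosts, IPs and key material below are constructed placeholders.

# Route A (John's): install the OLD box's host key files on the new box so it presents
# the same identity. SSH1 uses ssh_host_key(.pub); SSH2 uses ssh_host_rsa_key(.pub) and
# ssh_host_dsa_key(.pub). sshd refuses private keys that are not 0600; public halves 0644.
install_host_keys() {
    src="$1"; dst="$2"
    mkdir -p "$dst"
    for f in ssh_host_key ssh_host_rsa_key ssh_host_dsa_key; do
        if [ -f "$src/$f" ]; then
            cp "$src/$f" "$dst/$f"; chmod 600 "$dst/$f"
        fi
        if [ -f "$src/$f.pub" ]; then
            cp "$src/$f.pub" "$dst/$f.pub"; chmod 644 "$dst/$f.pub"
        fi
    done
}

# Route B, client side (Shawn's): keep the new box's own keys and make each client forget
# the old entry, then verify the new fingerprint out of band on the next connect.
# This is what `ssh-keygen -R HOST` does for unhashed lines (hashed entries from
# HashKnownHosts need ssh-keygen itself). The host field may be a comma-separated list
# of names/IPs, may be preceded by an @marker, and the line may be SSH1
# (`host bits exponent modulus`) or SSH2 (`host keytype base64`).
forget_host_key() {
    host="$1"; file="$2"
    awk -v h="$host" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { print; next }   # keep comments/blank lines
        {
            f = ($1 ~ /^@/) ? 2 : 1                           # skip @cert-authority etc.
            n = split($f, names, ",")
            keep = 1
            for (i = 1; i <= n; i++) if (names[i] == h) keep = 0
            if (keep) print
        }' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# Route B, server side: offer only protocol 2 (rewrite or append the Protocol line).
disable_ssh1() {
    cfg="$1"
    if grep -q '^[[:space:]]*Protocol[[:space:]]' "$cfg"; then
        sed 's/^[[:space:]]*Protocol[[:space:]].*/Protocol 2/' "$cfg" > "$cfg.tmp" \
            && mv "$cfg.tmp" "$cfg"
    else
        printf 'Protocol 2\n' >> "$cfg"
    fi
}

# Demo on constructed files so it runs offline; nothing here touches /etc/ssh.
demo() {
    d=$(mktemp -d)
    mkdir "$d/old-etc-ssh"
    printf 'CONSTRUCTED PRIVATE KEY, NOT A REAL ONE\n' > "$d/old-etc-ssh/ssh_host_key"
    printf '1024 35 1234567890 root@oldbox\n' > "$d/old-etc-ssh/ssh_host_key.pub"
    install_host_keys "$d/old-etc-ssh" "$d/new-etc-ssh"
    ls -l "$d/new-etc-ssh"          # ssh_host_key is 0600, ssh_host_key.pub is 0644

    cat > "$d/known_hosts" <<'EOF'
# constructed known_hosts; key material is placeholder text
oldbox.example.com,192.0.2.10 ssh-rsa AAAAB3NzaC1yc2EAAAACONSTRUCTED=
oldbox.example.com 1024 35 1234567890
fileserver.example.com ssh-dss AAAAB3NzaC1kc3MAAAACONSTRUCTED=
EOF
    forget_host_key oldbox.example.com "$d/known_hosts"
    forget_host_key 192.0.2.10 "$d/known_hosts"
    cat "$d/known_hosts"            # only the comment and fileserver.example.com remain

    printf 'Port 22\nProtocol 2,1\n' > "$d/sshd_config"
    disable_ssh1 "$d/sshd_config"
    cat "$d/sshd_config"            # Port 22 / Protocol 2
    rm -rf "$d"
}
demo
```

Either route ends with a fingerprint check: on the new box, `ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub` prints the fingerprint that clients should compare against when they next connect. With route B that comparison is the moment Shawn describes, where each connecting client gets looked at rather than silently carried forward.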