
Scenario:

  • Linux server, allowing users to connect via SSH using the putty-0.80.exe ssh client on Windows 10.
  • Work environment, 100+ users mostly NOT computer savvy
  • Linux server updated from Redhat-7 to Redhat-8; as such, the SSH host key legitimately changes.
  • When users go to log in for the first time on the server having been updated to RHEL-8, they get the PuTTY security breach warning: SSH host key has changed
    • the host key does not match the one PuTTY has cached for this server; this means either the admin has changed the host key or you have actually connected to another computer pretending to be the server; the new ecdsa-sha2-nistp256 key fingerprint is ...

What is the correct way to handle this situation?

  • Am I the only one who ignores this whenever this PuTTY warning pops up and just clicks accept and tells everyone else to just click accept and ignore it? What do you do?
  • Is maintaining my previous key from the RHEL-7 installation and then importing it into the RHEL-8 installation acceptable (so users never see this warning in PuTTY)?
  • With the new SSH host key created from the RHEL-8 installation (upgrade), how would you disseminate that to 100+ users who don't understand any of this? The update from RHEL 7 to 8 was entirely transparent to users except for this.
  • Windows stored the keys under the '[HKEY_CURRENT_USER\Software\SimonTatham\PuTTY\SshHostKeys]' key. You can export and import it. Commented Apr 16, 2024 at 13:53
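
As an added example (not part of the original question or comment): the fingerprint in the warning can be checked against the server's real host key instead of being accepted blind. The sketch below derives the `SHA256:` fingerprint from an OpenSSH public key line, such as the contents of `/etc/ssh/ssh_host_ecdsa_key.pub`, and compares it with what a user reads from the dialog. It assumes the dialog shows the fingerprint in OpenSSH's `SHA256:...` form; the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import struct


def parse_pubkey_line(line):
    """Split an OpenSSH public key line into (key_type, raw_blob)."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    # The blob starts with a length-prefixed copy of the key type; check it
    # so a mislabelled or truncated line is rejected rather than hashed.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    return key_type, blob


def sha256_fingerprint(line):
    """Return the fingerprint in the 'SHA256:<base64, no padding>' form."""
    _, blob = parse_pubkey_line(line)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def matches_reported(line, reported):
    """True if the fingerprint a user read out equals the server's own."""
    return sha256_fingerprint(line) == reported.strip()


def _ssh_string(data):
    """Encode bytes as an SSH wire-format string (uint32 length + data)."""
    return struct.pack(">I", len(data)) + data


# Constructed sample (not a real host key): an ecdsa-sha2-nistp256 blob laid
# out as key type, curve name, public point, with placeholder point bytes.
_blob = (_ssh_string(b"ecdsa-sha2-nistp256") + _ssh_string(b"nistp256")
         + _ssh_string(b"\x04" + bytes(range(64))))
SAMPLE_LINE = ("ecdsa-sha2-nistp256 " + base64.b64encode(_blob).decode()
               + " root@example")

if __name__ == "__main__":
    print(sha256_fingerprint(SAMPLE_LINE))
```
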
