How to transfer the identity (SSH) of a machine to a new machine?

The server credentials —that make up the "fingerprint" SSH clients bleat on about if they are incorrect— are actually just keypairs defined in /etc/ssh/sshd_config:

# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

Copy these files over (with their .pub variants), replicate a similar config pointing to them, reload sshd, and things should Just Work™.

You'll also want to copy over client pubkeys (that people have uploaded to their ~/.ssh/authorized_keys), but as this is an upgrade, you're probably copying those anyway.

And obviously the fingerprint also relies on the hostname being the same but it sounds like that's what you're doing anyway.
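To confirm the copy described in the answer above before pointing clients at the new machine, the following added example (not part of the original answers) computes the SHA256 fingerprint that `ssh-keygen -lf` prints for each host public key and compares the old and new key directories. The function names and the `sample_pub` helper are hypothetical, and the sample key it builds is constructed, not a real host key.

```python
import sys
from base64 import b64decode, b64encode
from hashlib import sha256
from pathlib import Path

def fingerprint(pub_line: str) -> str:
    """SHA256 fingerprint, in the form `ssh-keygen -lf` prints, of one .pub line."""
    key_type, b64 = pub_line.split()[:2]
    blob = b64decode(b64, validate=True)
    # The blob begins with a length-prefixed copy of the key type; a mismatch
    # means the file was truncated or corrupted in transit.
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    return "SHA256:" + b64encode(sha256(blob).digest()).decode().rstrip("=")

def compare_host_keys(old_dir, new_dir) -> dict:
    """Map each ssh_host_*_key.pub in old_dir to match/MISMATCH/missing/bad-mode."""
    result = {}
    for old_pub in sorted(Path(old_dir).glob("ssh_host_*_key.pub")):
        new_pub = Path(new_dir) / old_pub.name
        new_priv = new_pub.with_suffix("")  # private key sits beside its .pub
        if not new_pub.is_file() or not new_priv.is_file():
            result[old_pub.name] = "missing"
        elif fingerprint(old_pub.read_text()) != fingerprint(new_pub.read_text()):
            result[old_pub.name] = "MISMATCH"
        elif new_priv.stat().st_mode & 0o077:
            # sshd refuses private host keys readable by group or others
            result[old_pub.name] = "bad-mode"
        else:
            result[old_pub.name] = "match"
    return result

def sample_pub(seed: int) -> str:
    """Constructed ed25519-shaped public key line (not a real host key)."""
    def s(b):
        return len(b).to_bytes(4, "big") + b
    blob = s(b"ssh-ed25519") + s(bytes([seed]) * 32)
    return "ssh-ed25519 " + b64encode(blob).decode() + " root@example\n"

if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage: script.py <dir with old host keys> <dir with new host keys>
    for name, status in compare_host_keys(sys.argv[1], sys.argv[2]).items():
        print(f"{status:9} {name}")
```

Anything other than `match` means clients that pinned the old key in `known_hosts` will warn, or sshd will not load that key.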


You must append the contents of $HOME/.ssh/id_rsa.pub to the other server's $HOME/.ssh/authorized_keys. Luckily, there is a binary for that: ssh-copy-id. Its usage is simple:

ssh-copy-id -i .ssh/id_rsa.pub <user>@<remote.server>