On Tue 12 Apr 2016 at 10:28:54 (-0400), ken wrote:
> On 04/11/2016 09:31 PM, David Wright wrote:
> >On Mon 11 Apr 2016 at 19:02:45 (-0400), ken wrote:
> >>This is on Wheezy for a Raspberry Pi.
> >>
> >>Using dd, I copied the SD card for one (nicely working and
> >>configured) system onto another SD card.  I want to use this second
> >>card for another system, so need to change the hostname and (static)
> >>IP address.  Yesterday I grepped the whole system for one and then
> >>the other and where I found either, I made appropriate changes
> >>(i.e., previous hostname to new hostname, previous IP address to new
> >>IP address).  I also zeroed out all text-based files in /var/log/
> >>(e.g., >messages), just to start the new system with clean logs.
> >>
> >>Both the previous (still running) system and the new one (not yet
> >>running) are to be on the same LAN, so I'm pretty certain that no
> >>other networking configuration-- like broadcast or netmask-- needs
> >>to be touched (how could it need any?).
> >>
> >>Neither of these systems has any public-facing services currently running.
> >>
> >>My concerns are these:
> >>
> >>Only files which grep could find were amended. (Note that grep was
> >>run on the card when it was mounted on another system, not when the
> >>system on that card was booted and running.)  Is there a file of
> >>some kind, perhaps, which encodes either the hostname and/or IP
> >>address in such a way that would hide it/them from grep?
> >If you regenerate ssh keys, your .ssh/known_hosts files will have
> >hostnames and IP numbers you might want to remove. They're encrypted.
> >You could blank them like the log files.
> >
> >The key pairs themselves only have visible hostnames in the public
> >part's file.
> 
> Ah, yes!  Thanks.  Some brain cells knew that, but were sleeping.
> But actually I want to keep that ~/.ssh/known_hosts so I can ssh
> from this new RPi to the other machines on my LAN without having to
> reconfigure all that ssh stuff... one of the several time-saving
> reasons I'm (quasi-)duplicating the SD card.
> 
> But you bring up a very good point: I don't want the new system to
> have the same /etc/ssh/ssh_host_*key* files that the previous system
> has.  Though it might work okay, still I think the sshd host keys
> are meant to be unique across all LAN'd systems (ideally unique in
> the universe).  So I think I need to do "rm etc/ssh/ssh_host_*key*"
> so that sshd knows they're gone; in the past IIRC these host keys
> were automatically created, probably done in the sshd script under
> init.d;  I hope that it's the same under the new-fangled systemd
> code.

After removing the old (duplicate) keys, just do
# ssh-keygen -A
to generate a new set. Then restart the ssh server with
# /etc/init.d/ssh restart
so it reads and uses the new keys.

> >>Since people are supposed to be able (I think, never done) to take
> >>an SD out of one RPi and put and boot it in another RPi (with the
> >>same hardware), I didn't make any attempt to find and change any
> >>hardware designations, like the MAC address of the NIC.  Is that
> >>okay?
> >>
> >Your router may know IP#/MAC combinations for dhcp.
> 
> I'm not using dhcpd on the router, so that won't affect me. But for
> those who do, if you can do "arp -a" on your router, that will show
> which MAC addresses are cached; "arp -d address" will delete that
> address's entry in the arp table, allowing/obligating the system to
> generate a/the new entry.

I wasn't meaning MACs _cached_ in the router, but MACs _configured_
there, so that its dhcp server gives the correct (fixed) IP# to each
host according to its MAC. Thus my laptop's IP# was 10.x.x.x this
morning at the airport (issued by their dhcp server) but it switched
to the same old 192.168.1.y when I got home because it has an address
reserved for it.

(That's for others' benefit.)

Cheers,
David.
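
Added example, not part of the original message: a check that a cloned card no longer shares sshd host keys with the system it was copied from, run from a machine that can read both sets of public key files (for instance the original's /etc/ssh and the mounted clone's etc/ssh). It compares only the key blob, so a hostname edited in the .pub comment does not hide a duplicate; the function name, hostnames and key blobs below are constructed for illustration.

```shell
#!/bin/sh
# List the SSH host key types whose public key is identical in two
# directories. Any output means the clone still shares a key with the original.

# Usage: shared_host_keys DIR_A DIR_B
# In a .pub file, field 1 is the key type and field 2 the base64 key blob.
# The trailing comment (usually user@hostname) is ignored on purpose:
# changing the hostname there does not change the key itself.
shared_host_keys() {
    dir_a=$1
    dir_b=$2
    for pub_a in "$dir_a"/ssh_host_*_key.pub; do
        [ -f "$pub_a" ] || continue          # glob matched nothing
        pub_b="$dir_b/$(basename "$pub_a")"
        [ -f "$pub_b" ] || continue          # key type absent on the other side
        blob_a=$(awk 'NR==1 {print $2}' "$pub_a")
        blob_b=$(awk 'NR==1 {print $2}' "$pub_b")
        if [ -n "$blob_a" ] && [ "$blob_a" = "$blob_b" ]; then
            awk 'NR==1 {print $1}' "$pub_a"  # report the shared key type
        fi
    done
}

# Demonstration on constructed sample data (placeholder blobs, not real keys).
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/orig" "$tmp/clone"
    # RSA: only the comment was edited on the clone, the key is unchanged.
    echo "ssh-rsa CONSTRUCTEDBLOB1 root@oldpi" > "$tmp/orig/ssh_host_rsa_key.pub"
    echo "ssh-rsa CONSTRUCTEDBLOB1 root@newpi" > "$tmp/clone/ssh_host_rsa_key.pub"
    # ECDSA: regenerated on the clone, so the blobs differ.
    echo "ecdsa-sha2-nistp256 CONSTRUCTEDBLOB2 root@oldpi" > "$tmp/orig/ssh_host_ecdsa_key.pub"
    echo "ecdsa-sha2-nistp256 CONSTRUCTEDBLOB3 root@newpi" > "$tmp/clone/ssh_host_ecdsa_key.pub"
    shared_host_keys "$tmp/orig" "$tmp/clone"
    rm -rf "$tmp"
}

demo
```

An empty result after removing the old keys and running ssh-keygen -A on the clone means no host key is shared any more.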
