Re: ssh host keys on cloned virtual machines

On 2023/02/24 13:25, Keine Eile wrote:
> The MAC is my weapon of choice, because no matter what virtualization
> you have, this will (in a sense, it has to) change. Changing the
> hostname comes with the Ansible stuff, but this is already too late.

Regenerating host keys if the MAC changes is no good in the general
case. Firstly, *which* MAC? There can be more than one. Secondly,
if you legitimately replace a NIC/motherboard due to hardware failure
(or move disks between motherboards etc) you'll generate new keys
when you shouldn't.

This isn't unique to SSH; there are other files depending on the
software involved which might include /etc/machine-id, saved RNG seeds,
IPv6 SOII keys, which need removing when preparing to clone.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
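
A pre-clone check for the kinds of files named in the message above, as an added example that is not part of the original post or of OpenSSH. The function name and the path list are assumptions: apart from /etc/machine-id, the paths are common Linux and OpenBSD locations for host keys, saved RNG seeds and the SOII key, and need adjusting to the software in the image.

```shell
#!/bin/sh
# Added example: report per-host state still present in a template image
# before it is cloned. Path list is an assumption (common Linux/OpenBSD
# locations); extend it for the software actually installed.

# find_clone_residue ROOT
# Prints one path (relative to ROOT) per line for every per-host secret or
# identifier found. Returns 0 when the image is clean, 1 otherwise.
find_clone_residue() {
    root=${1%/}          # "/" becomes "", so paths stay absolute
    found=0

    # SSH host private keys and their public halves.
    for f in "$root"/etc/ssh/ssh_host_*_key "$root"/etc/ssh/ssh_host_*_key.pub; do
        [ -e "$f" ] || continue      # an unmatched glob stays literal
        printf '%s\n' "${f#"$root"}"
        found=1
    done

    # Files that are a problem only when non-empty. An empty
    # /etc/machine-id is the prepared state: systemd fills it at first boot.
    for rel in /etc/machine-id \
               /var/lib/systemd/random-seed \
               /var/lib/urandom/random-seed \
               /etc/random.seed \
               /var/db/host.random \
               /etc/soii.key; do
        if [ -s "$root$rel" ]; then
            printf '%s\n' "$rel"
            found=1
        fi
    done

    [ "$found" -eq 0 ]
}

# Run against a mounted image root when one is given:
#   sh check-template.sh /mnt/template
if [ "$#" -ge 1 ]; then
    find_clone_residue "$1"
    exit $?
fi
```

A non-zero exit can gate the step that seals the template, so the check happens once at preparation time rather than being triggered by a MAC change on the running clone.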


