bugzilla-daemon at mindrot.org
2025-Mar-31 21:28 UTC
[Bug 3805] New: sshd requires a reload or restart when a new identity key is generated
https://bugzilla.mindrot.org/show_bug.cgi?id=3805
Bug ID: 3805
Summary: sshd requires a reload or restart when a new identity key is generated
Product: Portable OpenSSH
Version: 9.8p1
Hardware: ARM64
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: syaghi at ciena.com
Hi,
I was previously running OpenSSH 9.6p1 and have upgraded to 9.9p2. I
noticed since upgrading that if I generate a new identity key for my
server (using ssh-keygen) and replace the old key files with the new
keys, the old key continues to be sent to clients until I reload or
restart the sshd service.
When I was running 9.6p1, I didn't have to reload or restart the sshd
service when I changed the server's identity key; new client
connections were getting the server's new key.
I couldn't find a note in the SSH release notes that sshd requires a
reload/restart when the server identity key is changed. Is this
expected? If so, is there a way to tell sshd to always read the key
from the file so a reload/restart of sshd is not required?
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2025-Mar-31 22:16 UTC
[Bug 3805] sshd requires a reload or restart when a new identity key is generated
https://bugzilla.mindrot.org/show_bug.cgi?id=3805
Damien Miller <djm at mindrot.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
No, the previous behaviour was a bug and was fixed in the process of
splitting sshd into separate listener and session handling binaries.
There is no way to make sshd pick up new keys except by reloading.
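An added example, not part of the bug thread or of OpenSSH: because, per comment #1, sshd only picks up a replaced host key on reload, these shell functions compare the public key file on disk with what the listener hands out (`ssh-keyscan` output), so a key-rotation script can tell whether a reload is still pending. The function names, the sample address and the placeholder key blobs are constructed for illustration.

```sh
#!/bin/sh
# Added example: after replacing a host key on disk, check whether the
# running sshd listener still offers the old one (reload pending).

# Print "<type> <base64-blob>" from a host public key file.
key_from_pubfile() {
    awk 'NF >= 2 && $1 !~ /^#/ { print $1, $2; exit }' "$1"
}

# served_key_state PUBFILE SCANFILE
# SCANFILE holds ssh-keyscan output: "<host> <type> <base64-blob>" per line.
# Prints current | stale | not-offered | unreadable; returns 0 only if current.
served_key_state() {
    want=$(key_from_pubfile "$1" 2>/dev/null) || want=""
    [ -n "$want" ] || { echo "unreadable"; return 2; }
    want_type=${want%% *}
    # A host can offer several key types; compare only the matching type.
    got=$(awk -v t="$want_type" \
        '$1 !~ /^#/ && $2 == t { print $2, $3; exit }' "$2")
    if [ -z "$got" ]; then
        echo "not-offered"; return 3
    elif [ "$got" = "$want" ]; then
        echo "current"; return 0
    fi
    echo "stale"; return 1
}

# check_listener HOST PORT PUBFILE: scan a live listener and classify it.
check_listener() {
    scan=$(mktemp) || return 2
    ssh-keyscan -p "$2" "$1" > "$scan" 2>/dev/null || :
    rc=0; served_key_state "$3" "$scan" || rc=$?
    rm -f "$scan"
    return "$rc"
}

# Constructed sample (placeholder blobs, documentation address): the file on
# disk was rotated, but the scan output still carries the previous key.
demo() {
    d=$(mktemp -d) || return 1
    echo "ssh-ed25519 CONSTRUCTED-NEW-BLOB root@host" > "$d/host.pub"
    echo "192.0.2.10 ssh-ed25519 CONSTRUCTED-OLD-BLOB" > "$d/scan"
    state=$(served_key_state "$d/host.pub" "$d/scan") || true
    rm -rf "$d"
    echo "$state"
}

demo   # prints: stale
```

Run after the key files are replaced, `check_listener 127.0.0.1 22 /etc/ssh/ssh_host_ed25519_key.pub` (the default host key path, assumed here) printing `stale` means the listener has not yet been reloaded.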