David Collins via plug on 27 Jul 2023 22:37:04 -0700



Re: [PLUG] Linux equivalent of a Windows SID


You should also reset the ssh host keys when you clone a Linux server. Those are the keys the server uses to authenticate itself and establish encrypted communication when clients connect via ssh. Each server should have a unique set of keys. They are stored in /etc/ssh/ssh_host_*. You can reset the keys on a Debian/Ubuntu system with:

sudo rm -v /etc/ssh/ssh_host_*          # remove the cloned host key pairs (needs root)
sudo dpkg-reconfigure openssh-server    # regenerates a fresh set of host keys

---
David Collins
dave@cyberpunkjedi.com


------- Original Message -------
On Monday, June 26th, 2023 at 2:51 PM, brent saner via plug <plug@lists.phillylinux.org> wrote:

On Mon, Jun 26, 2023 at 2:20 PM Rich Freeman via plug <plug@lists.phillylinux.org> wrote:
On Mon, Jun 26, 2023 at 2:02 PM Rich Mingin (PLUG) via plug
<plug@lists.phillylinux.org> wrote:
>
> Systemd does something similar. I don’t know of anything leveraging systemd’s unique machine identifier aside from systemd itself.
>

Systemd puts this info in /etc/machine-id

Aside from filesystem UUIDs and partition UUIDs (which absolutely should be changed on cloning), yeah- the machine-id is the closest thing Linux has to the system SID on Windows (though unlike Windows, it's only for the system - there isn't an SID for every single object - user, etc. but there ARE other IDs in use; see systemd-id128(1) for more information on what these IDs are.)
It is visible in the output of hostnamectl, and presumably there is a
DBUS API to obtain it.

I don't know what triggers regenerating it. Obviously if you clone a
machine you'd need to do something to tell systemd to create a new one
unless it can detect that. Systemd has some concepts of ephemeral
hosts and so on and some container-oriented capabilities. It would
definitely be something I'd look into if this was something I needed.

systemd-machine-id-setup(1) or systemd-firstboot(1) is typically how this is (re-)generated, depending on the specific context. I think cloud-init will automatically regen one if that tooling's in the pipeline. Recommend also referring to machine-id(5) for more specific information.
It is also worth looking at your virtualization/container environment
if you're using them, as those might also provide some reliable way of
generating persistent unique IDs for instances of things. Certainly
kubernetes offers stuff like this, especially for things like
statefulsets that can dynamically scale instances while providing them
with consistent storage.

Yep! Confirmed; aside from K8s, cloud-init can also handle this (https://cloudinit.readthedocs.io/en/latest/reference/cli.html#clean).
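
The two points raised in this thread (reset the SSH host keys, and reset /etc/machine-id, after cloning) can be done in one pass against the clone's root filesystem before it boots for the first time. The script below is an added example written for this archive page, not code from any poster in the thread. It assumes the clone's root tree is mounted at ROOT (default "/"), that the target runs systemd and OpenSSH, and that emptying /etc/machine-id is enough to make systemd generate a new id at boot, which is the behaviour machine-id(5) documents; the function names and the check/apply subcommands are the example's own. Running with no arguments only defines the functions, so it cannot touch the live system by accident.

```shell
#!/bin/sh
# Added example (not from the PLUG thread): reset per-machine identity in a cloned
# Linux root filesystem so two clones never share /etc/machine-id or SSH host keys.
# ROOT is the mount point of the clone's root tree (run from the hypervisor host or
# a rescue environment); "/" is only sensible right before a reboot.
set -u

# Print 1 if ROOT/etc/machine-id holds a valid id (32 lowercase hex chars), else 0.
# An empty file or the literal "uninitialized" both count as "not set".
machine_id_is_set() {
    f="$1/etc/machine-id"
    if [ ! -f "$f" ]; then echo 0; return; fi
    id=$(head -n 1 "$f" 2>/dev/null)
    case "$id" in
        ""|*[!0-9a-f]*) echo 0 ;;
        *) if [ "${#id}" -eq 32 ]; then echo 1; else echo 0; fi ;;
    esac
}

# Count SSH host key files (private and public) under ROOT/etc/ssh.
count_host_keys() {
    n=0
    for k in "$1"/etc/ssh/ssh_host_*; do
        if [ -e "$k" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Reset identity under ROOT:
#  - truncate etc/machine-id: systemd regenerates it on the next boot (machine-id(5));
#  - drop a stale copy in var/lib/dbus/machine-id (left alone if it is a symlink);
#  - delete etc/ssh/ssh_host_* so sshd, "dpkg-reconfigure openssh-server" (Debian/Ubuntu)
#    or "ssh-keygen -A" creates a fresh set.
# Returns 0 on success, 1 if ROOT does not look like a root filesystem.
reset_clone_identity() {
    root="$1"
    if [ ! -d "$root/etc" ]; then return 1; fi
    : > "$root/etc/machine-id"
    dbus_id="$root/var/lib/dbus/machine-id"
    if [ -f "$dbus_id" ] && [ ! -L "$dbus_id" ]; then rm -f "$dbus_id"; fi
    for k in "$root"/etc/ssh/ssh_host_*; do
        if [ -e "$k" ]; then rm -f "$k"; fi
    done
    return 0
}

# Usage: sh reset-clone-id.sh check [ROOT]   -> report state, change nothing
#        sh reset-clone-id.sh apply [ROOT]   -> reset identity under ROOT (run as root)
# After the clone boots, "ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key.pub" on both
# machines should show different fingerprints, and "hostnamectl" different machine ids.
case "${1:-}" in
    check)
        r="${2:-/}"
        echo "machine-id set: $(machine_id_is_set "$r")  host key files: $(count_host_keys "$r")"
        ;;
    apply)
        r="${2:-/}"
        if reset_clone_identity "$r"; then
            echo "identity reset under $r; reboot to regenerate machine-id and host keys"
        else
            echo "no etc/ directory under $r" >&2
            exit 1
        fi
        ;;
esac
```

Truncating rather than deleting /etc/machine-id matters on systems where /etc is read-only at early boot: systemd can then bind-mount a transient id over the empty file and later commit it, whereas a missing file on a read-only /etc leaves the clone without a persistent id.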

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug